# Hard Coded Credentials Analyzer PRO
| Category | Severity | Time To Fix |
|---|---|---|
| 🛡️ Security | Minor | 5 minutes |

Class: Enlightn\EnlightnPro\Analyzers\Security\HardCodedCredentialsAnalyzer
# Introduction
This analyzer scans your application's source code to detect hard coded credentials.
Hard coding credentials in source code is considered a bad practice for the following reasons:
- It allows all project developers to view the password.
- If the account protected by the password is compromised, you would be forced to choose between security and availability.
- Once the code is in production, the password cannot be changed without patching the software.
# How To Fix
Remove all references to hard coded credentials and either store them in the database or in your .env file, which can be referenced by a config file.
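
The .env approach described above, as an added example that is not taken from Enlightn or its documentation. It assumes a Laravel application (for the `env()` and `config()` helpers); the `payment_gateway` service, the `PAYMENT_GATEWAY_SECRET` variable and the secret value are hypothetical.

```php
<?php
// config/services.php (hypothetical "payment_gateway" entry; all names are illustrative)

// Before: the secret is committed with the code and visible to every developer.
// return [
//     'payment_gateway' => [
//         'secret' => 'constructed-example-secret',
//     ],
// ];

// After: the config file reads the value from the environment.
// The matching line in .env (kept out of version control) would be:
//   PAYMENT_GATEWAY_SECRET=constructed-example-secret
//
// Application code then reads the value through the config repository,
// not through env() directly, so it keeps working when config is cached:
//   $secret = config('services.payment_gateway.secret');
return [
    'payment_gateway' => [
        'secret' => env('PAYMENT_GATEWAY_SECRET'),
    ],
];
```

With this layout the secret can be rotated by editing .env on the server, without changing or redeploying the source code.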