CWE-547

Use of Hard-coded, Security-relevant Constants

The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.

Mitigation

Phase: Implementation

Description:

Avoid using hard-coded constants. Configuration files offer a more flexible solution.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page