How to resolve Use of hard-coded cryptographic key vulnerabilities in asp.net application?

Sana, Ramesh 20

How to resolve Use of hard-coded cryptographic key vulnerabilities in asp.net application?

Lan Huang-MSFT 30,191 Reputation points Microsoft External Staff

2023-07-31T06:59:16.4833333+00:00
Hi @Sana, Ramesh,

Do not hard-code encryption key.

For a symmetric algorithm to be successful, the secret key must be known only to the sender and the receiver. When a key is hard-coded, it is easily discovered. Even with compiled binaries, it is easy for malicious users to extract it. Once the private key is compromised, the cipher text can be decrypted directly and is not protected anymore.

How to fix violations:

Consider redesigning your application to use a secure key management system, such as Azure Key Vault.

Keep credentials and keys in a secure location separate from your source code.

1 answer

Bruce (SqlWork.com) 78,006 Reputation points Volunteer Moderator

2023-07-29T16:55:53.5233333+00:00

Don’t hard code keys. The keys should be loaded at runtime from a secure source. Azure key vault is a possible option.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Your answer