HARDCODED KEY

Feature    | Value
Type       | Detection
Risk       | OWASP A2
Covered by | Agent

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered, because anyone who can read the source code or the compiled binary can extract the key.

Example

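import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Vulnerable: the key material is a constant compiled into the class file.
private static byte[] KEY = new byte[] { 0x00000055, 0x00000041, 0x0000007A, 0x00000065, 0x0000004C, 0x00000079,
    0x00000051, 0x0000004C, 0x00000048, 0x00000063, 0x0000004E, 0x00000070, 0x00000047 };

public static SecretKey getKey() {
    return new SecretKeySpec(KEY, 0, KEY.length, "AES");
}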

More information

How to solve it

Design: Prevention schemes mirror those for hard-coded password storage.
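
One way to apply this to the example above, shown as an added illustration and not code from the original page: the key is generated randomly at deployment and kept in a PKCS#12 keystore outside the code base. The class name, the alias "data-key" and the environment variables APP_KEYSTORE_PATH and APP_KEYSTORE_PASS are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class ExternalKeyExample {
    // Replacement for getKey(): read the AES key from a keystore file, not from a constant.
    static SecretKey loadKey(Path store, char[] password, String alias)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password);
        }
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new GeneralSecurityException("no secret key under alias " + alias);
        }
        return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    }

    // Provisioning step, run once per deployment: generate a random 256-bit key and store it.
    static void provision(Path store, char[] password, String alias)
            throws GeneralSecurityException, IOException {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory keystore
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(gen.generateKey()),
                new KeyStore.PasswordProtection(password));
        try (OutputStream out = Files.newOutputStream(store)) {
            ks.store(out, password);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed convention: keystore path and password are supplied by the environment.
        String p = System.getenv("APP_KEYSTORE_PATH"), pw = System.getenv("APP_KEYSTORE_PASS");
        if (p == null || pw == null) throw new IllegalStateException("set APP_KEYSTORE_PATH and APP_KEYSTORE_PASS");
        Path store = Path.of(p);
        if (!Files.exists(store)) provision(store, pw.toCharArray(), "data-key");
        SecretKey key = loadKey(store, pw.toCharArray(), "data-key");
        System.out.println(key.getAlgorithm() + " key, " + key.getEncoded().length * 8 + " bits");
    }
}
```

The keystore password is now the secret to protect, which is why the prevention scheme is the same as for password storage: keep it out of the source tree and restrict read access to the keystore file.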