cwe-522-insufficiently-protected-credentials


Use this skill when you need to remediate CWE-522 (Insufficiently Protected Credentials) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing insufficiently protected credentials issues.

By DevelopersCoffee. Updated 3/6/2026

---
name: cwe-522-insufficiently-protected-credentials
description: Use this skill when you need to remediate CWE-522 (Insufficiently Protected Credentials) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing insufficiently protected credentials issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-522
  - remediation
  - sast
---

CWE-522 Insufficiently Protected Credentials

Description

CWE-522 covers code that stores or transmits authentication credentials using a method that lets an attacker intercept or retrieve them. In Java web applications the most common instance is persisting a user's password exactly as it arrived in the request, so every row of the users table holds a working credential. Anyone who can read that table (database compromise, a stolen backup, SQL injection in any query that touches it, an over-privileged DBA account) obtains every password directly, and because users reuse passwords those credentials unlock accounts on other systems as well. MITRE tracks the plaintext-storage case as the child weakness CWE-256.

Reference: https://cwe.mitre.org/data/definitions/522.html

OWASP Category: A07:2021 – Identification and Authentication Failures


Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: Storing plaintext password
user.setPassword(request.getPassword());
userRepository.save(user);

Why it's vulnerable: user.setPassword(request.getPassword()) copies the raw password into the entity and save() writes it to the database unchanged. Nothing between the HTTP request and the stored row protects the credential: a database dump, a backup, a SQL injection in any query against the table, or a log statement that prints the entity leaks the password itself rather than a one-way hash of it.


Deterministic Fix

✅ Secure Implementation

// SECURE: hash with BCrypt before persisting; the plaintext never reaches the database.
// Needs a PasswordEncoder bean in the context, e.g.
//   @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
@Autowired
private PasswordEncoder passwordEncoder;

public void registerUser(UserRequest request) {
    User user = new User();
    user.setUsername(request.getUsername());
    // encode() draws a random salt and produces a one-way hash ($2a$10$...);
    // the stored value cannot be turned back into the password
    user.setPassword(passwordEncoder.encode(request.getPassword()));
    userRepository.save(user);
}

Why it's secure: encode() generates a random salt and runs the adaptive BCrypt function, so the database holds a value of the form $2a$10$<salt><hash> from which the password cannot be recovered, and two users with the same password get different stored values. Login later calls passwordEncoder.matches(rawPassword, storedHash), which re-derives the hash with the salt embedded in the stored value and compares the two; the raw password is never written anywhere. Register a single PasswordEncoder bean (BCryptPasswordEncoder, or PasswordEncoderFactories.createDelegatingPasswordEncoder() when you must also verify hashes produced by other encoders) so that registration and login agree on the algorithm.


Detection Pattern

Look for these patterns in your codebase:

# Find password setters fed directly from a request object (extended regex)
grep -rnE 'setPassword\(.*getPassword\(|password.*=.*request' --include='*.java' .

The second alternative matches any assignment that mentions both words and will produce false positives; review each hit and confirm whether the value is written to storage, logged, or sent over the network without protection. Also check raw JDBC or JPQL statements that insert into the password column directly, and any toString() or logging call that includes the whole entity, since those bypass the setter entirely.

Remediation Steps

  1. Hash passwords with a salted, adaptive algorithm before they are stored: BCryptPasswordEncoder (no extra dependency) or Argon2PasswordEncoder (requires Bouncy Castle) from spring-security-crypto

  2. Never persist, log, or return the plaintext password; the only write to the password field goes through passwordEncoder.encode()

  3. Verify with passwordEncoder.matches(rawPassword, storedHash); never compare the stored value with equals() against the raw password, and never try to decrypt it

  4. Enforce a password policy at registration (minimum length and a check against known-breached passwords in addition to any complexity rules)

  5. Migrate rows written by the vulnerable pattern: rehash each user's password on the next successful login, and send credentials only over TLS, since CWE-522 also covers transmission
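A complete registration-and-login flow that shows the encoder in use end to end, including the migration step the snippet above leaves out. This is an added example written for this page, not code from the skill or the DevelopersCoffee repository. It assumes only spring-security-crypto on the classpath (no Spring context); CredentialStoreDemo, its in-memory Map, the dummy hash and the carol row are hypothetical stand-ins for a real UserRepository and its data:

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example, not code from the skill: registration, login and hash migration
 * using spring-security-crypto directly. The Map is a hypothetical stand-in for a
 * JPA UserRepository; the seeded rows are constructed sample data.
 */
public class CredentialStoreDemo {

    // createDelegatingPasswordEncoder() encodes with {bcrypt} and can still verify
    // values written by other encoders, selected by their {id} prefix.
    private static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Checked against for unknown users so a lookup miss costs as much as a real check.
    private static final String DUMMY_HASH = ENCODER.encode("dummy-password-for-timing");

    // username -> stored credential (never the plaintext)
    private final Map<String, String> store = new HashMap<>();

    /** Registration: persist only the salted, one-way hash. */
    public void register(String username, String rawPassword) {
        store.put(username, ENCODER.encode(rawPassword));
    }

    /**
     * Login. matches() re-derives the hash with the salt embedded in the stored value
     * and compares the results; the stored value is never compared with equals()
     * against the raw password.
     */
    public boolean authenticate(String username, String rawPassword) {
        String stored = store.get(username);
        if (stored == null) {
            ENCODER.matches(rawPassword, DUMMY_HASH); // equalise timing, then fail
            return false;
        }
        if (!ENCODER.matches(rawPassword, stored)) {
            return false;
        }
        if (ENCODER.upgradeEncoding(stored)) {
            // Row was written with a weaker encoder (here a legacy {noop} plaintext row).
            // The plaintext has just been verified, so rehash it and overwrite the row.
            store.put(username, ENCODER.encode(rawPassword));
        }
        return true;
    }

    /** Exposed for the demo below; production code has no reason to read this back. */
    public String storedValueFor(String username) {
        return store.get(username);
    }

    public static void main(String[] args) {
        CredentialStoreDemo demo = new CredentialStoreDemo();

        demo.register("alice", "correct horse battery staple");
        String stored = demo.storedValueFor("alice");
        System.out.println("stored:                  " + stored);
        System.out.println("plaintext persisted?     " + stored.contains("correct horse"));

        // Same password for a second user: each encode() draws a fresh salt.
        demo.register("bob", "correct horse battery staple");
        System.out.println("same hash as alice?      " + stored.equals(demo.storedValueFor("bob")));

        System.out.println("alice, right password:   " + demo.authenticate("alice", "correct horse battery staple"));
        System.out.println("alice, wrong password:   " + demo.authenticate("alice", "Correct horse battery staple"));
        System.out.println("unknown user:            " + demo.authenticate("nobody", "anything"));

        // Migration: a row left over from the vulnerable pattern, seeded as constructed
        // sample data with the {noop} prefix so the delegating encoder can still verify it.
        demo.store.put("carol", "{noop}hunter2");
        System.out.println("carol before login:      " + demo.storedValueFor("carol"));
        System.out.println("carol login:             " + demo.authenticate("carol", "hunter2"));
        System.out.println("carol after login:       " + demo.storedValueFor("carol"));
    }
}
```

Compile with org.springframework.security:spring-security-crypto on the classpath and run the main method. Alice's stored value has the form {bcrypt}$2a$10$... with no trace of the plaintext, alice and bob get different hashes despite sharing a password, the three logins return true, false and false, and carol's row is rewritten from {noop}hunter2 to a {bcrypt} hash after her first successful login. DelegatingPasswordEncoder.upgradeEncoding() returns true whenever the stored prefix is not the encoder's current id, which is what drives the rehash; the dummy hash keeps a failed username lookup as slow as a failed password check so that response time does not reveal which usernames exist.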


Key Imports

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

Verification

After remediation:

  • Run the SAST scanner again and confirm the CWE-522 finding no longer appears

  • Review every write to the password field, including raw SQL and batch imports, and confirm each one goes through passwordEncoder.encode()

  • Add unit tests: the stored value is not equal to the raw password, starts with $2a$ (or {bcrypt} when using the delegating encoder), and passwordEncoder.matches() returns true for the raw password and false for anything else

  • Check related code for the same pattern: API keys, tokens and secrets handled by the same controllers and services, and log or toString() output that could include the entity


Trigger Examples

Fix CWE-522 vulnerability
Resolve Insufficiently Protected Credentials issue
Secure this Java code against insufficiently protected credentials
SAST reports CWE-522

Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |


References

  • CWE-522: Insufficiently Protected Credentials. https://cwe.mitre.org/data/definitions/522.html

  • OWASP Top 10 2021, A07: Identification and Authentication Failures. https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/

Source: Generated by Java CWE Security Skills Generator. Last Updated: 2026-03-07

Install via CLI
npx skills add https://github.com/DevelopersCoffee/java-cwe-security-skills --skill cwe-522-insufficiently-protected-credentials