Variant · Draft

CWE-13: ASP.NET Misconfiguration: Password in Configuration File

Category: auth

Description

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.

Common consequences · 1

  • Access Control — Gain Privileges or Assume Identity

Potential mitigations · 1

  • [Implementation] Credentials stored in configuration files should be encrypted. Use standard APIs and industry-accepted algorithms to encrypt the credentials stored in configuration files.

References

  1. https://cwe.mitre.org/data/definitions/13.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • J2EE Misconfiguration: Plaintext Password in Configuration File (CWE)
  • ASP.NET Misconfiguration: Use of Identity Impersonation (CWE)
  • ASP.NET Misconfiguration: Missing Custom Error Page (CWE)
  • ASP.NET Misconfiguration: Not Using Input Validation Framework (CWE)
  • ASP.NET Misconfiguration: Improper Model Validation (CWE)
  • Empty Password in Configuration File (CWE)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.