Base · Incomplete

CWE-260: Password in Configuration File

Category: auth

Description

The product stores a password in a configuration file that might be accessible to actors who do not know the password. This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or, worse yet, change the password to one of their choosing.

Common consequences · 1

  • Access Control — Gain Privileges or Assume Identity

Potential mitigations · 2

  • [Architecture and Design] Avoid storing passwords in easily accessible locations.
  • [Architecture and Design] Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

References

  1. https://cwe.mitre.org/data/definitions/260.html

(incoming) · 4

Type           Target          Confidence  Tier
Vulnerability  CVE-2025-25022  0%          live
Vulnerability  CVE-2025-32111  0%          live
Vulnerability  CVE-2025-57754  0%          live
Vulnerability  CVE-2025-6513   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Hard-coded Password
  • CWE: Cleartext Storage in a File or on Disk
  • CWE: Use of Default Password
  • CWE: Plaintext Storage of a Password
  • CWE: Use of Weak Credentials
  • CWE: Use of Default Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.