BaseIncomplete

CWE-261Weak Encoding for Password

Category: auth

Description

Obscuring a password with a trivial encoding does not protect the password. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.

Common consequences· 1

  • Access Control — Gain Privileges or Assume Identity

Potential mitigations· 1

  • []Passwords should be encrypted with keys that are at least 128 bits in length for adequate security.

Related CAPEC attack patterns· 1

CAPEC-55

References

  1. https://cwe.mitre.org/data/definitions/261.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternRainbow Table Password Crackingcapec-55100%live

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-31229cve-2025-312290%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Storing Passwords in a Recoverable Format
CWE
J2EE Misconfiguration: Plaintext Password in Configuration File
CWE
Plaintext Storage of a Password
CWE
Use of Password Hash Instead of Password for Authentication
CWE
ASP.NET Misconfiguration: Password in Configuration File
CWE
Use of a One-Way Hash without a Salt
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.