Variant · Draft

CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File

Category: auth

Description

The J2EE application stores a plaintext password in a configuration file. Storing a plaintext password in a configuration file lets anyone who can read the file use it to reach the password-protected resource, making that resource an easy target for attackers.

Common consequences (1)

  • Access Control — Bypass Protection Mechanism

Potential mitigations (2)

  • [Architecture and Design] Do not hardwire passwords into your software.
  • [Architecture and Design] Use industry standard libraries to encrypt passwords before storage in configuration files.

References

  1. https://cwe.mitre.org/data/definitions/555.html

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: ASP.NET Misconfiguration: Password in Configuration File
  • CWE: J2EE Misconfiguration: Data Transmission Without Encryption
  • CWE: J2EE Misconfiguration: Missing Custom Error Page
  • CWE: J2EE Misconfiguration: Entity Bean Declared Remote
  • CWE: J2EE Misconfiguration: Weak Access Permissions for EJB Methods
  • CWE: J2EE Misconfiguration: Insufficient Session-ID Length

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.