Common Weakness Enumeration

CWE-13

Allowed

ASP.NET Misconfiguration: Password in Configuration File

Abstraction: Variant · Status: Draft

Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.

0 vulnerabilities reference this CWE, most recent first.

No vulnerabilities reference this CWE.

Mitigation
Implementation

Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files.

No CAPEC attack patterns related to this CWE.