Common Weakness Enumeration
CWE-13
AllowedASP.NET Misconfiguration: Password in Configuration File
Abstraction: Variant · Status: Draft
Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.
0 vulnerabilities reference this CWE, most recent first.
No vulnerabilities reference this CWE.
Mitigation
Implementation
Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files.
No CAPEC attack patterns related to this CWE.