CWE-260

Password in Configuration File

AI Translation Available

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Status

incomplete

Abstraction

base

Affected Platforms

Extended Description

AI Translation

This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.

Technical Details

AI Translation

Common Consequences

access control

Impacts

gain privileges or assume identity

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Avoid storing passwords in easily accessible locations.

• Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

ottenere privilegi o assumere identità

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Evita di archiviare le password in posizioni facilmente accessibili.

• Considera di memorizzare gli hash crittografici delle password come alternativa alla memorizzazione in testo semplice.

CWE-260

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter