CWE-261

Weak Encoding for Password

AI Translation Available

Obscuring a password with a trivial encoding does not protect the password.

Status

incomplete

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.

Technical Details

AI Translation

Common Consequences

access control

Impacts

gain privileges or assume identity

Detection Methods

automated static analysis

Potential Mitigations

Descriptions:

• Passwords should be encrypted with keys that are at least 128 bits in length for adequate security.

CWE-261

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter