CWE-555

J2EE Misconfiguration: Plaintext Password in Configuration File

AI Translation Available

The J2EE application stores a plaintext password in a configuration file.

Status

draft

Abstraction

variant

Affected Platforms

Java

Extended Description

AI Translation

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.

Technical Details

AI Translation

Common Consequences

access control

Impacts

bypass protection mechanism

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Do not hardwire passwords into your software.

• Use industry standard libraries to encrypt passwords before storage in configuration files.

AI Generated Translation

Common Consequences

controllo degli accessi

Impacts

elusione del meccanismo di protezione

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Non inserire password hardcoded nel tuo software.

• Utilizzare librerie standard del settore per crittografare le password prima di archiviarle nei file di configurazione.

CWE-555

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter