CWE-13
ASP.NET Misconfiguration: Password in Configuration File
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
Status
draft
Abstraction
variant
Affected Platforms
ASP.NET
Technical Details
Common Consequences
access control
Impacts
gain privileges or assume identity
Potential Mitigations
Phases:
implementation
Descriptions:
• Credentials stored in configuration files should be encrypted. Use standard APIs and industry-accepted algorithms to encrypt the credentials stored in configuration files.
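A review check for this weakness, added here as an example and not part of the CWE entry: it parses a web.config and reports `connectionStrings` and `appSettings` entries that hold a readable password, skipping sections already encrypted with ASP.NET protected configuration (marked by the `configProtectionProvider` attribute). Both sample files, the function name and the key-name pattern are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (placeholder values): credentials readable in the file.
PLAINTEXT_CONFIG = """<configuration>
  <connectionStrings>
    <add name="AppDb" connectionString="Server=db01;Database=app;User Id=svc_app;Password=EXAMPLE-ONLY;" />
    <add name="Reports" connectionString="Server=db01;Database=rpt;Integrated Security=SSPI;" />
  </connectionStrings>
  <appSettings>
    <add key="SmtpPassword" value="EXAMPLE-ONLY" />
    <add key="PageSize" value="50" />
  </appSettings>
</configuration>"""

# Constructed sample: the same section after protected configuration was
# applied. The element names the provider and holds only ciphertext.
PROTECTED_CONFIG = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData><CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData></EncryptedData>
  </connectionStrings>
</configuration>"""

PWD_IN_CONNSTR = re.compile(r"(?i)(?:^|;)\s*(?:password|pwd)\s*=\s*[^;\s]")
SECRET_KEY_NAME = re.compile(r"(?i)password|passwd|pwd|secret")


def find_plaintext_passwords(config_xml):
    """Return (location, reason) pairs for credentials stored in cleartext."""
    root = ET.fromstring(config_xml)
    findings = []
    for section in root.iter("connectionStrings"):
        if section.get("configProtectionProvider"):
            continue  # encrypted section: no readable <add> entries
        for add in section.iter("add"):
            if PWD_IN_CONNSTR.search(add.get("connectionString", "")):
                findings.append((f"connectionStrings/{add.get('name')}",
                                 "password in connection string"))
    for section in root.iter("appSettings"):
        if section.get("configProtectionProvider"):
            continue
        for add in section.iter("add"):
            if SECRET_KEY_NAME.search(add.get("key", "")) and add.get("value"):
                findings.append((f"appSettings/{add.get('key')}",
                                 "secret-named setting with a value"))
    return findings


if __name__ == "__main__":
    for location, reason in find_plaintext_passwords(PLAINTEXT_CONFIG):
        print(f"{location}: {reason}")
```

Connection strings that use integrated authentication carry no password and are not reported.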