Description
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity
Potential Mitigations
Phase: Implementation
Description:
Credentials stored in configuration files should be encrypted. Use standard APIs and industry-accepted algorithms to encrypt the credentials stored in configuration files.
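One way to check for this weakness before deployment, as an added example that is not part of the original entry: the audit below flags credential-like keys in an INI file whose values are not encrypted, and flags the file itself if group or other users can read it. The `ENC(...)` wrapper for encrypted values, the key-name pattern and the sample config are assumptions made for illustration.

```python
import configparser
import os
import re
import stat
import tempfile

# Key names treated as credentials (assumption; extend for your own configs).
CREDENTIAL_KEY = re.compile(r"(pass(word|wd)?|pwd|secret|api_?key|token)", re.I)
# Assumed convention: encrypted values are stored as ENC(<base64 ciphertext>).
ENCRYPTED_VALUE = re.compile(r"^ENC\([A-Za-z0-9+/=]+\)$")


def audit_config(path):
    """Return (section, key, problem) findings for one INI configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("<file>", path, f"readable by group/other (mode {mode:o})"))
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for section in parser.sections():
        for key, value in parser.items(section):
            # Flag any non-empty credential value that is not in encrypted form.
            if CREDENTIAL_KEY.search(key) and value and not ENCRYPTED_VALUE.match(value.strip()):
                findings.append((section, key, "plaintext credential"))
    return findings


# Constructed sample config: one plaintext password, one encrypted value.
SAMPLE = """\
[database]
user = app
password = Summer2024!
[smtp]
password = ENC(q1w2e3r4t5y6u7i8o9p0QWERTY==)
"""


def demo():
    """Write the sample to a temporary file and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, 0o644)  # deliberately world-readable for the demo
    try:
        return audit_config(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The findings list contains only section and key names, never the credential values, so it can be written to build logs.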