Read Time:28 Second
Description
The J2EE application stores a plaintext password in a configuration file.
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
Phase: Architecture and Design
Description:
Do not hardwire passwords into your software.
Phase: Architecture and Design
Description:
Use industry standard libraries to encrypt passwords before storage in configuration files.