Back to CWE list
CWE-13
ASP.NET Misconfiguration: Password in Configuration File
Variant
Draft
Description
Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Access Control
Impact
Gain Privileges or Assume Identity
Potential Mitigations
Implementation
Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files.
Applicable Platforms
ASP.NET
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now