Back to CWE list
CWE-555
J2EE Misconfiguration: Plaintext Password in Configuration File
Variant
Draft
Description
The J2EE application stores a plaintext password in a configuration file.
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Access Control
Impact
Bypass Protection Mechanism
Potential Mitigations
Architecture and Design
Do not hardwire passwords into your software.
Architecture and Design
Use industry standard libraries to encrypt passwords before storage in configuration files.
Applicable Platforms
Java
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now