CWE-258 - Empty Password in Configuration File

Home/CWEs/CWE info/

CWE-258 High

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Empty Password in Configuration File

Description: Using an empty string as a password is insecure.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses

CWE-260Password in Configuration File

CWE-521Weak Password Requirements

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Top Security News

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Windows 11 KB5046740 update released with 14 changes and fixes

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

Download: CIS Critical Security Controls v8.1

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Common Alerts

LowX-Debug-Token Information Leak

HighGeneric Padding Oracle

LowCookie with Invalid SameSite Attribute

InformationalCross Site Scripting (Persistent) - Prime

HighHeartbleed OpenSSL Vulnerability

InformationalContent Security Policy (CSP) Report-Only Header Found

InformationalInformation Disclosure - Suspicious Comments in XML via WebSocket

LowPrivate IP Disclosure via WebSocket

MediumX-ChromeLogger-Data (XCOLD) Header Information Leak

InformationalSec-Fetch-Dest Header is Missing

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Top CWE List

CWE-328 Use of Weak Hash

CWE-15 External Control of System or Configuration Setting

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-250 Execution with Unnecessary Privileges

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

MediumCWE-190 Integer Overflow or Wraparound

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-258 - Empty Password in Configuration File

Using an empty string as a password is insecure.