CWE-261 - Weak Encoding for Password

CWE-261

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Weak Encoding for Password

Description: Obscuring a password with a trivial encoding does not protect the password.
Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses: CWE-522Insufficiently Protected Credentials

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard