logo

CWE-555 - J2EE Misconfiguration: Plaintext Password in Configuration File

CWE-555

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

J2EE Misconfiguration: Plaintext Password in Configuration File

Description

The J2EE application stores a plaintext password in a configuration file.

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website