CWE-258 - Empty Password in Configuration File

Home/CWEs/CWE info/

CWE-258 High

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Empty Password in Configuration File

Description: Using an empty string as a password is insecure.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses

CWE-260Password in Configuration File

CWE-521Weak Password Requirements

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Latest Security News

Windows 11 24H2 update blocked on PCs with Assassin's Creed, Star Wars Outlaws

Microsoft testing Windows 11 support for third-party passkeys

Hackers abuse Avast anti-rootkit driver to disable defenses

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Windows 10 KB5046714 update fixes bug preventing app uninstalls

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Top Alert List

MediumAbsence of Anti-CSRF Tokens

MediumDirectory Browsing

InformationalInformation Disclosure - Suspicious Comments

Content Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

CSP

Latest CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability

CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Top CWE List

CWE-328 Use of Weak Hash

CWE-15 External Control of System or Configuration Setting

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-250 Execution with Unnecessary Privileges

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

MediumCWE-190 Integer Overflow or Wraparound

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-258 - Empty Password in Configuration File

Using an empty string as a password is insecure.