CWE-260 - Password in Configuration File

CWE-260

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Password in Configuration File

Description: The product stores a password in a configuration file that might be accessible to actors who do not know the password.
This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity

Related Weaknesses: CWE-522Insufficiently Protected Credentials

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Free security scan for your website

Don't show website scan report rating on the leaderboard