CWE-261 - Weak Encoding for Password
CWE-261
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Weak Encoding for Password
- Description
Obscuring a password with a trivial encoding does not protect the password.
Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website