CWE-260

Password in Configuration File

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Mitigation

Phase: Architecture and Design

Description:

  • Avoid storing passwords in easily accessible locations.

Mitigation

Phase: Architecture and Design

Description:

  • Consider storing cryptographic hashes of passwords as an alternative to storing them in plaintext.
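
The two mitigations above, as an added example that is not part of the CWE entry: a configuration file holding a salted PBKDF2 hash instead of the password, with an audit that flags plaintext values and group/world-accessible file modes. The INI layout, key names, function names and PBKDF2 parameters are assumptions of this example, and it covers only the case where the product verifies passwords presented to it.

```python
import base64, configparser, hashlib, hmac, os, stat

SCHEME, ITERATIONS = "pbkdf2-sha256", 600_000  # parameters chosen for this example

def hash_password(password, salt=b""):
    """Return 'scheme$iterations$salt$digest' for use as a config value."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"{SCHEME}${ITERATIONS}${b64(salt)}${b64(digest)}"

def verify_password(candidate, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt, digest = stored.split("$")
        if scheme != SCHEME:
            return False
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                     base64.b64decode(salt), int(iterations))
        return hmac.compare_digest(actual, base64.b64decode(digest))
    except ValueError:  # malformed entry: wrong field count, bad base64 or number
        return False

def audit_config(text, mode):
    """Flag plaintext password values and files readable beyond the owner."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group or others")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    for section in parser.sections():
        for key, value in parser.items(section):
            if "password" in key and not value.startswith(SCHEME + "$"):
                findings.append(f"[{section}] {key} holds a plaintext value")
    return findings

# Constructed sample configs (hypothetical section and key names).
WEAK_CONFIG = "[admin]\nuser = ops\npassword = hunter2-constructed\n"

def hardened_config():
    stored = hash_password("hunter2-constructed")
    return f"[admin]\nuser = ops\npassword_hash = {stored}\n"

if __name__ == "__main__":
    print(audit_config(WEAK_CONFIG, 0o644))        # two findings
    print(audit_config(hardened_config(), 0o600))  # no findings
```

On a real file, pass `stat.S_IMODE(os.stat(path).st_mode)` as `mode`.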

No CAPEC attack patterns related to this CWE.
