The J2EE application stores a plaintext password in a configuration file.
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
|Access Control||Bypass Protection Mechanism|
Do not hardwire passwords into your software.
Use industry standard libraries to encrypt passwords before storage in configuration files.
Below is a snippet from a Java properties file in which the LDAP server password is stored in plaintext.