CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The J2EE application stores a plaintext password in a configuration file.
扩展描述
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
常见后果
影响范围: Access Control
技术影响: Bypass Protection Mechanism
潜在缓解措施
阶段: Architecture and Design
描述: Do not hardwire passwords into your software.
阶段: Architecture and Design
描述: Use industry standard libraries to encrypt passwords before storage in configuration files.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |