CWE-256 - Unprotected Storage of Credentials

Description

Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. This weakness is caused by missing a security tactic during the architecture and design phase. Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker's job easier.

Latest vulnerabilities for CWE-256

Unprotected storage of credentials in IBM Aspera Faspex 2024-04-19
Low Yes

Multiple vulnerabilities in Siemens RUGGEDCOM APE1808 2024-04-15
Medium No

Multiple vulnerabilities in BUFFALO wireless LAN routers 2024-04-15
Low Yes

Multiple vulnerabilities in Automation-Direct C-MORE EA9 HMI 2024-03-27
Medium Yes

Multiple vulnerabilities in Bosch Remote Programing Software 2024-03-13
Medium Yes

Multiple vulnerabilities in Netcool Operations Insight 2024-02-05
High Yes

Multiple vulnerabilities in Dell Networker 2024-01-30
High Yes

Multiple vulnerabilities in Rapid Software Rapid SCADA 2024-01-12
High No

Credentials disclosure in PAN-OS 2023-12-13
Low Yes

Unprotected storage of credentials in IBM API Connect 2023-12-08
Low Yes

References

Description of CWE-256 on Mitre website