CWE-256 - Unprotected Storage of Credentials


Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. This weakness is caused by missing a security tactic during the architecture and design phase. Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker's job easier.
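One way to check a configuration file for this weakness, as an added example that is not part of the original page: the function below scans Java-style `.properties` text for credential-like keys whose value is a literal rather than a reference resolved at runtime. The key-name pattern, the `${NAME}` placeholder convention and the sample file are assumptions made for this example.

```python
import re

# Key names treated as credentials (an assumption of this example; extend as needed).
SENSITIVE_KEY = re.compile(r"(password|passwd|pwd|secret|api[_.-]?key|token)", re.I)
# Values that only reference an external source, e.g. ${DB_PASSWORD}; assumes the
# application resolves such placeholders from the environment or a secret store.
EXTERNAL_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_.]*\}$")
# key=value or key: value, as in Java-style .properties files.
ENTRY = re.compile(r"^\s*([^=:\s]+)\s*[=:]\s*(.*?)\s*$")


def find_plaintext_credentials(text):
    """Return (line_number, key) for each credential stored as a literal value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        match = ENTRY.match(line)
        if not match:
            continue
        key, value = match.groups()
        if not SENSITIVE_KEY.search(key):
            continue
        if value == "" or EXTERNAL_REF.match(value):
            continue  # nothing stored in the file itself
        findings.append((number, key))  # never echo the secret value
    return findings


# Constructed sample configuration, not taken from any real application.
SAMPLE = """\
# database settings
db.url=jdbc:postgresql://db.internal:5432/app
db.username=app
db.password=Sup3rS3cret!
smtp.password=${SMTP_PASSWORD}
api_key: 0123456789abcdef
cache.ttl=300
"""

if __name__ == "__main__":
    for number, key in find_plaintext_credentials(SAMPLE):
        print(f"line {number}: '{key}' holds a literal credential")
```

The findings report only the line number and key, so the scanner's own output does not become another plaintext copy of the password.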

Description of CWE-256 on Mitre website