CWE-258 - Empty password in configuration file

Description

Software allows usage of an empty password. Such configuration is insecure by default and may lead to various consequences.

Latest vulnerabilities for CWE-258

Empty Password in Configuration File in FURUNO SYSTEMS ACERA 9010 2024-04-02
Medium Yes
Remote code execution in AVEVA InduSoft Web Studio and InTouch Edge HMI 2018-11-02
High Yes

References

Description of CWE-258 on Mitre website