CWE-260 - Password in Configuration File

Description

The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing. The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-260

Multiple vulnerabilities in SonicWall GMS and Analytics 2023-07-18
High Yes

Multiple vulnerabilities in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 2017-09-11
High No

Privilege escalation in Hikvision Cameras 2017-03-10
Medium Yes

References

Description of CWE-260 on Mitre website