CWE-260
Overview
- CWE ID
- 260
- CWE Name
- Password in Configuration File
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software stores a password in a configuration file that might be accessible to actors who do not know the password.
Extended Description
This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 522 | 1000 | ChildOf | Primary |