CWE-555
Overview
- CWE ID
- 555
- CWE Name
- J2EE Misconfiguration: Plaintext Password in Configuration File
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Draft
Description
The J2EE application stores a plaintext password in a configuration file.
Extended Description
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 260 | 1000 | ChildOf | Primary |
Related CVEs
| CVE |
|---|
| CVE-2023-20059 |