CWE-555

J2EE Misconfiguration: Plaintext Password in Configuration File

The J2EE application stores a plaintext password in a configuration file.

Mitigation

Phase: Architecture and Design

Description:

  • Do not hardwire passwords into your software.
Mitigation

Phase: Architecture and Design

Description:

  • Use industry standard libraries to encrypt passwords before storage in configuration files.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page