CodeQL documentation

Empty password in configuration file

ID: cs/empty-password-in-configuration
Kind: problem
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-258
   - external/cwe/cwe-862
Query suites:
   - csharp-security-extended.qls
   - csharp-security-and-quality.qls

Click to see the query in the CodeQL repository

The use of an empty string as a password in a configuration file is not secure.

Recommendation

Choose a proper password and encrypt it if you need to store it in the configuration file.

References

  • Common Weakness Enumeration: CWE-258.
  • Common Weakness Enumeration: CWE-862.