Password in configuration file¶
ID: cs/password-in-configuration Kind: problem Security severity: 7.5 Severity: warning Precision: medium Tags: - security - external/cwe/cwe-13 - external/cwe/cwe-256 - external/cwe/cwe-313 Query suites: - csharp-security-extended.qls - csharp-security-and-quality.qls
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resources. Therefore it is a common attack vector.
Passwords stored in configuration files should be encrypted.