Password in configuration file¶
ID: cs/password-in-configuration Kind: problem Severity: warning Precision: medium Tags: - security - external/cwe/cwe-13 - external/cwe/cwe-256 - external/cwe/cwe-313 Query suites: - csharp-security-extended.qls - csharp-security-and-quality.qls
Click to see the query in the CodeQL repository
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resources. Therefore it is a common attack vector.
Passwords stored in configuration files should be encrypted.