Empty password in configuration file¶
ID: js/empty-password-in-configuration-file
Kind: problem
Security severity: 7.5
Severity: warning
Precision: medium
Tags:
- security
- external/cwe/cwe-258
- external/cwe/cwe-862
Query suites:
- javascript-security-extended.qls
- javascript-security-and-quality.qls
Click to see the query in the CodeQL repository
The use of an empty string as a password in a configuration file is not secure.
Recommendation¶
Choose a strong password and encrypt it if it has to be stored in a configuration file.