CodeQL documentation

Empty password in configuration file

ID: js/empty-password-in-configuration-file
Kind: problem
Security severity: 7.5
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-258
   - external/cwe/cwe-862
Query suites:
   - javascript-security-extended.qls
   - javascript-security-and-quality.qls

The use of an empty string as a password in a configuration file is not secure.

Recommendation

Choose a strong password and encrypt it if it has to be stored in a configuration file.
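
A startup or CI check for the condition this query reports, given here as an added example that is not part of the CodeQL documentation or the query itself. The key-name pattern, the function names and both sample configurations are assumptions constructed for illustration.

```javascript
// Added example; key pattern, function names and sample data are assumptions.
// Keys that plausibly hold a password (assumed pattern, extend for your configs).
const PASSWORD_KEY = /passw(or)?d|pwd|passphrase/i;

// Walk a parsed JSON/YAML config and return the dotted path of every
// password-like key whose value is the empty string.
function findEmptyPasswords(node, path = []) {
  const findings = [];
  if (Array.isArray(node)) {
    node.forEach((item, i) =>
      findings.push(...findEmptyPasswords(item, [...path, String(i)])));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = [...path, key];
      if (PASSWORD_KEY.test(key) && value === "") {
        findings.push(here.join("."));
      } else {
        findings.push(...findEmptyPasswords(value, here));
      }
    }
  }
  return findings;
}

// Fail closed: refuse to start (or fail the CI job) when any finding exists.
function requireNoEmptyPasswords(config) {
  const findings = findEmptyPasswords(config);
  if (findings.length > 0) {
    throw new Error(`Empty password in configuration: ${findings.join(", ")}`);
  }
  return config;
}

// Constructed sample: the form the query reports.
const weakConfig = JSON.parse(`{
  "db": { "user": "app", "password": "" },
  "caches": [ { "host": "cache-1", "passwd": "" } ]
}`);

// Constructed sample: same shape; the placeholders stand in for strong
// passwords, stored encrypted as the recommendation says.
const fixedConfig = JSON.parse(`{
  "db": { "user": "app", "password": "<strong-password-placeholder>" },
  "caches": [ { "host": "cache-1", "passwd": "<strong-password-placeholder>" } ]
}`);

console.log(findEmptyPasswords(weakConfig));
console.log(findEmptyPasswords(fixedConfig));
```

Reporting the path rather than the value keeps the check's own output free of credentials.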

References

  • Common Weakness Enumeration: CWE-258.

  • Common Weakness Enumeration: CWE-862.
