Plaintext Storage of a Password

CWE-256

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

88%-Maven
6%-Go
2%-Pip
1%-NPM

Short description

Storing a password in plaintext may result in a system compromise.

Extended description

Password management issues occur when a password is stored in plaintext in an application's properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.

Best practices to prevent this CWE

Phase: Architecture and Design

Avoid storing passwords in easily accessible locations.

Phase: Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

Phase: undefined

A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.

Effectiveness: None

Recently published CVEs

CVE-2024-49370
CVE-2024-42496
CVE-2024-31899
CVE-2023-41610
CVE-2024-5960

Recently published GHSA

GHSA-ghgq-x6wc-6jr5
GHSA-q6c7-56cq-g2wm
GHSA-wj85-rg5g-v8jm
GHSA-qf3c-rw9f-jh7v
GHSA-qf3c-rw9f-jh7v

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo