Empty password in configuration file¶

Name: Empty password in configuration file — CodeQL query help documentation
Rating: 4.6 (1696 reviews)

ID: cs/empty-password-in-configuration Kind: problem Security severity: 7.8 Severity: warning Precision: medium Tags: - security - external/cwe/cwe-258 - external/cwe/cwe-862 Query suites: - csharp-security-extended.qls - csharp-security-and-quality.qls 

Click to see the query in the CodeQL repository

The use of an empty string as a password in a configuration file is not secure.

Recommendation¶

Choose a proper password and encrypt it if you need to store it in the configuration file.

References¶

Common Weakness Enumeration: CWE-258.
Common Weakness Enumeration: CWE-862.

© GitHub, Inc.
Terms
Privacy