Password in configuration file¶

Name: Password in configuration file — CodeQL query help documentation
Rating: 4.9 (6542 reviews)

ID: js/password-in-configuration-file Kind: problem Security severity: 7.5 Severity: warning Precision: medium Tags: - security - external/cwe/cwe-256 - external/cwe/cwe-260 - external/cwe/cwe-313 - external/cwe/cwe-522 Query suites: - javascript-security-extended.qls - javascript-security-and-quality.qls 

Click to see the query in the CodeQL repository

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resources. Therefore it is a common attack vector.

Recommendation¶

Passwords stored in configuration files should always be encrypted.

References¶

Common Weakness Enumeration: CWE-256.
Common Weakness Enumeration: CWE-260.
Common Weakness Enumeration: CWE-313.
Common Weakness Enumeration: CWE-522.

© GitHub, Inc.
Terms
Privacy