CWE-555 2 CVEs MITRE definition ↗

CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File

Overview

CWE-555 (J2EE Misconfiguration: Plaintext Password in Configuration File) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The J2EE application stores a plaintext password in a configuration file.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Java Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-46119 2025-07-21 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management en…
CVE-2023-20059 2023-03-23 A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The …

Previous names

  • J2EE Misconfiguration: Password in Configuration File (2008-04-11)

Content submission

Name
Anonymous Tool Vendor (under NDA)
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Relationships, Taxonomy_Mappings
2011-03-29 CWE Content Team 1.12 updated Description
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
cvelogic Threat Intelligence