CWE-13:ASP.NET Misconfiguration: Password in Configuration File

概覽

CWE-13(ASP.NET Misconfiguration: Password in Configuration File)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.

適用平台

類型 名稱 普遍性 OS / CPE
language ASP.NET Undetermined

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, References, Taxonomy_Mappings
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples
2013-02-21 CWE Content Team 2.4 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Demonstrative_Examples, Relationships
2017-11-08 CWE Content Team 3.0 updated Relationships
2018-03-27 CWE Content Team 3.1 updated Demonstrative_Examples
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence