Empty password in configuration file¶

ID: cs/empty-password-in-configuration
Kind: problem
Security severity: 7.8
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-258
   - external/cwe/cwe-862
Query suites:
   - csharp-security-extended.qls
   - csharp-security-and-quality.qls

Click to see the query in the CodeQL repository

The use of an empty string as a password in a configuration file is not secure.

Recommendation¶

Choose a proper password and encrypt it if you need to store it in the configuration file.

References¶

Common Weakness Enumeration: CWE-258.
Common Weakness Enumeration: CWE-862.

© GitHub, Inc.
Terms
Privacy

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy