CodeQL documentation
CodeQL resources

Empty password in configuration file

ID: js/empty-password-in-configuration-file
Kind: problem
Security severity: 7.5
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-258
   - external/cwe/cwe-862
Query suites:
   - javascript-security-extended.qls
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

The use of an empty string as a password in a configuration file is not secure.

Recommendation

Choose a strong password and encrypt it if it has to be stored in a configuration file.

References

  • Common Weakness Enumeration: CWE-258.

  • Common Weakness Enumeration: CWE-862.

  • © GitHub, Inc.
  • Terms
  • Privacy
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy