Description
The J2EE application stores a plaintext password in a configuration file.
Extended Description
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
CVE vulnerabilities with CWE-555 (2)
6.3
CVSS
MEDIUM
CVE-2025-46119
pub. 2025-07-21
4.3
CVSS
MEDIUM
CVE-2023-20059
pub. 2023-03-23