CVEbaza.plCWE DictionaryCWE-555
Common Weakness Enumeration

CWE-555

J2EE Misconfiguration: Plaintext Password in Configuration File

Category: VariantCVE: 2
Description

The J2EE application stores a plaintext password in a configuration file.

Extended Description

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.

CVE vulnerabilities with CWE-555 (2)
6.3
CVSS
MEDIUM
CVE-2025-46119

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

pub. 2025-07-21
4.3
CVSS
MEDIUM
CVE-2023-20059

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.

pub. 2023-03-23
Information
ID: CWE-555
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary
CWE-555 — J2EE Misconfiguration: Plaintext Password in Configuration File | CWE Dictionary | CVEbaza.pl