CWE-258 - Empty Password in Configuration File

CWE ID:

CWE-258

High

Abstraction:Variant
Structure:Simple
Status:Incomplete

Release Date:2006-07-19
Latest Modification Date:2023-10-26

Weakness Name

Empty Password in Configuration File

Description

Using an empty string as a password is insecure.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Related Weaknesses

CWE-260Password in Configuration File

CWE-521Weak Password Requirements