CWE-261 - Weak Encoding for Password
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Weak Encoding for Password
Description
Obscuring a password with a trivial encoding does not protect the password.
Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
