ASP.NET login credentials stored in plain text (AcuSensor)

  • The login credentials for this web application are stored in plain text in the configuration file Web.config. Storing login credentials in plaintext in a configuration file is not secure. Anyone with read access to the Web.config file could access the authenticated Web application.
  • The most secure way to store login credentials is to not store them in the configuration file. Remove the element from your Web.config files in production applications.