Description

The login credentials for this web application are stored in plain text in the configuration file Web.config. Storing login credentials in plaintext in a configuration file is not secure. Anyone with read access to the Web.config file could access the authenticated Web application.

Remediation

The most secure way to store login credentials is to not store them in the configuration file. Remove the <credentials> element from your Web.config files in production applications.

Related Vulnerabilities

JBoss Server MBean

Laravel debug mode enabled

FrontPage Identified

Go web application binary disclosure

Apache Spark Web UI Unauthorized Access Vulnerability

Severity

Medium

Classification

CWE-256 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration