The login credentials for this web application are stored in plain text in the configuration file Web.config. Storing login credentials in plaintext in a configuration file is not secure. Anyone with read access to the Web.config file could access the authenticated Web application.


The most secure way to store login credentials is to not store them in the configuration file. Remove the <credentials> element from your Web.config files in production applications.

Related Vulnerabilities