Summary

Netsparker detected that the ASP.NET application stores login credentials in plain text.

Impact

When the ASP.NET application stores login credentials in plain text inside the web.config file, an attacker who gains access to this file can use those credentials to compromise the application.

Actions To Take

The most secure way to store login credentials is not to store them in the configuration file. Remove the element from your Web.config files in production applications.
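A pre-deployment check for this finding, as an added example that is not Netsparker's code: it assumes the element meant above is the Forms authentication `<credentials>` block with `<user name="..." password="..."/>` children and a `passwordFormat` attribute (the page does not name the element). The sample config, user names and passwords are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; user names and passwords are made up.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx">
        <credentials passwordFormat="Clear">
          <user name="admin" password="Sample-Passw0rd" />
          <user name="report" password="Sample-Passw0rd2" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""


def _local(tag):
    # Drop an XML namespace prefix such as "{http://...}forms" -> "forms".
    return tag.rsplit("}", 1)[-1]


def find_stored_credentials(config_xml):
    """Return one finding per <credentials> element under a <forms> element.

    Passwords are never copied into the findings; only the user names and
    the declared storage format are reported.
    """
    findings = []
    for forms in ET.fromstring(config_xml).iter():
        if _local(forms.tag) != "forms":
            continue
        for creds in forms:
            if _local(creds.tag) != "credentials":
                continue
            fmt = creds.get("passwordFormat", "unspecified")
            users = [u.get("name", "") for u in creds if _local(u.tag) == "user"]
            findings.append({"password_format": fmt,
                             "plaintext": fmt.lower() == "clear",
                             "users": users})
    return findings


def is_clean(config_xml):
    """True when the file carries no <credentials> element at all."""
    return not find_stored_credentials(config_xml)


if __name__ == "__main__":
    for f in find_stored_credentials(SAMPLE_WEB_CONFIG):
        kind = "plain text" if f["plaintext"] else f["password_format"]
        print(f"credentials element ({kind}); users: {', '.join(f['users'])}")
```

Run against the production Web.config in a build or release step and fail the step when `is_clean` returns `False`.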

Classifications
CWE-312; OWASP 2013-A6; OWASP 2017-A3