ASP.NET Login Credentials Stored In Plain Text

Severity: Medium
Summary#

Invicti detected that the ASP.NET application stores login credentials in plain text.

Impact#

When the ASP.NET application stores login credentials in plain text inside of web.config file, an attacker who has access to this file can use login credentials to compromise the application.

Actions To Take#

The most secure way to store login credentials is not to store them in the configuration file. Remove the element from your Web.config files in production applications.

OR

Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works