mirror of
https://github.com/github/codeql.git
synced 2025-12-19 18:33:16 +01:00
18 lines
417 B
XML
18 lines
417 B
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
<overview>
|
|
<p>Storing a plaintext password in a configuration file allows anyone who can read the file to
|
|
access the password-protected resources. Therefore it is a common attack vector.</p>
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>Passwords stored in configuration files should be encrypted.</p>
|
|
|
|
</recommendation>
|
|
<references>
|
|
|
|
</references>
|
|
</qhelp>
|