Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ASP.NET connection strings stored in plaintext - Vulnerability Database

ASP.NET connection strings stored in plaintext

Description

This web application is storing some connection strings in plaintext inside the web.config file. This is not recommended as an attacker might gain access to this file using a path traversal (or similar) vulnerabilities. It's recommended to use Protected Configuration to improve the security of your application by encrypting sensitive information that is stored in the web.config file.

Remediation

ASP.NET provides a feature called <strong>Protected Configuration</strong>, which enables you to encrypt sensitive information in a configuration file. It's recommended to use this feature to encrypt sensitive information that is stored in the <strong>web.config</strong> file.

References

Encrypting Configuration Information Using Protected Configuration
Connection Strings and Configuration Files

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration Information Disclosure
Nuxt.js Running in Development Mode Low
Common tags: Configuration Information Disclosure
Laravel Terminal open High
Common tags: Configuration Information Disclosure
Core dump file High
Common tags: Configuration Information Disclosure
GoCD information disclosure (CVE-2021-43287) High
Common tags: Configuration Information Disclosure

Severity

High

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Information Disclosure