Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Spring Boot Misconfiguration: Datasource credentials stored in the properties file - Vulnerability Database

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

Description

This Spring Boot web application is storing datasource credentials in plain text in the properties files via spring.datasource.password=. It's not recommended to store plain text passwords in configuration files.

Remediation

It's recommended to encrypt the credentials using a library like Jasypt. By using Jasypt, you can provide encryption for the property sources and the application can decrypt the encrypted properties and retrieve the original values.

References

Using Encrypted Property Placeholders in Spring Boot
Java Simplified Encryption
Jasypt integration for Spring boot

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Apache Airflow Experimental API Auth Bypass CVE-2020-13927 High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration
Jetty Information Disclosure (CVE-2021-34429) Medium
Common tags: Configuration

Severity

Medium

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration