CWE · MITRE source
CWE-260Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2017-7925 | 6.8 | 9.8 | 0.8041 | 2017-05-06 |
CVE-2023-34128 | 2.0 | 9.8 | 0.0026 | 2023-07-13 |
CVE-2025-57754 | 2.0 | 9.8 | 0.0010 | 2025-08-21 |
CVE-2025-25022 | 1.9 | 9.6 | 0.0012 | 2025-06-03 |
CVE-2025-6513 | 1.9 | 9.3 | 0.0009 | 2025-06-23 |
CVE-2017-7923 | 1.8 | 8.8 | 0.0055 | 2017-05-06 |
CVE-2019-3780 | 1.8 | 8.8 | 0.0038 | 2019-03-08 |
CVE-2025-32111 | 1.8 | 8.7 | 0.0018 | 2025-04-04 |
CVE-2021-35033 | 1.6 | 7.8 | 0.0011 | 2021-11-23 |
CVE-2025-33093 | 1.5 | 7.5 | 0.0022 | 2025-05-07 |
CVE-2023-53770 | 1.5 | 7.5 | 0.0026 | 2025-12-09 |
CVE-2019-25465 | 1.5 | 7.5 | 0.0040 | 2026-03-11 |
CVE-2025-33119 | 1.3 | 6.5 | 0.0003 | 2025-11-12 |
CVE-2016-7043 | 1.2 | 5.9 | 0.0023 | 2019-05-15 |
CVE-2020-5721 | 1.1 | 5.5 | 0.0010 | 2020-04-15 |
CVE-2024-45673 | 1.1 | 5.5 | 0.0003 | 2025-02-21 |
CVE-2025-51540 | 1.1 | 5.3 | 0.0006 | 2025-08-19 |
CVE-2025-36002 | 1.1 | 5.5 | 0.0001 | 2025-10-16 |
CVE-2025-36100 | 1.0 | 5.1 | 0.0001 | 2025-09-07 |
CVE-2024-49817 | 0.9 | 4.4 | 0.0004 | 2024-12-17 |
CVE-2025-15151 | 0.7 | 3.7 | 0.0005 | 2025-12-28 |
CVE-2023-2790 | 0.5 | 2.3 | 0.0003 | 2023-05-18 |
CVE-2014-5400 | 0.0 | 0.0 | 0.0006 | 2015-04-03 |
CVE-2023-53739 | 0.0 | 0.0 | 0.0032 | 2025-12-09 |