H3-2024-0060¶

Insecure Storage of Connection Strings in Application Properties

Description¶

This weakness affects applications that store sensitive connection strings, including credentials, in application properties or configuration files without adequate protection.

Impact¶

This can lead to unauthorized access if these properties are exposed or accessed by unauthorized individuals.

References¶

• CWE-312: Cleartext Storage of Sensitive Information
• Microsoft Docs: Secure Your Azure Key Vault
• Microsoft Docs: Authentication in Azure Key Vault
• MITRE ATT&CK Technique: T1552.001: Unsecured Credentials: Credentials In Files