Empty password in configuration file — CodeQL query help documentation

ID: js/empty-password-in-configuration-file
Kind: problem
Security severity: 7.5
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-258
   - external/cwe/cwe-862
Query suites:
   - javascript-security-extended.qls
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

The use of an empty string as a password in a configuration file is not secure.

Recommendation¶

Choose a strong password and encrypt it if it has to be stored in a configuration file.

References¶

Common Weakness Enumeration: CWE-258.
Common Weakness Enumeration: CWE-862.