H3-2024-0060¶

Insecure Storage of Connection Strings in Application Properties

Description¶

The application stores sensitive connection strings, including credentials, in application properties or configuration files without adequate protection.

Impact¶

This can lead to unauthorized access if these properties are exposed or accessed by unauthorized individuals.

References¶

• CWE-312: Cleartext Storage of Sensitive Information
• Microsoft Docs: Best practices for Azure Key Vault
• Microsoft Docs: Developer best practices for Azure Key Vault
• MITRE ATT&CK Technique: T1552.001: Unsecured Credentials: Credentials In Files