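CWE-258 Empty Password in Configuration File: Vulnerability List (9)

A summary of the 9 CVEs in weakness class CWE-258 (Empty Password in Configuration File), with AI analysis in Chinese.

CWE-258 refers to an empty password in a configuration file and is a credential management weakness. An attacker can use this flaw to access protected resources directly, obtaining system privileges or sensitive data without having to crack a password. Developers should avoid storing empty passwords in plaintext in configuration files, scripts or databases, enforce a strong password policy, make sure every account has complex and unique credentials, and review configurations regularly to eliminate this kind of security risk.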

MITRE CWE official description
CWE-258: Empty Password in Configuration File. Using an empty string as a password is insecure.
Common consequences (1)
Access Control: Gain Privileges or Assume Identity
Mitigations (1)
System Configuration: Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. Ho…
Code examples (1)
The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but the password is provided as an empty string.
    # Java Web App ResourceBundle properties file
    ...
    webapp.ldap.username=secretUsername
    webapp.ldap.password=
    ...
Bad · Java
    ...
    <connectionStrings>
      <add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=; dbalias=uDB;" providerName="System.Data.Odbc" />
    </connectionStrings>
    ...
Bad · ASP.NET
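
The configuration review recommended above can be automated. The following is an added example, not part of the MITRE entry or of this site: a small scanner that flags empty password values in properties-style files and in `connectionString` attributes. The function names and the set of key names treated as credentials are assumptions of this example, and the sample inputs are rebuilt from the two snippets shown above.

```python
import re

# Keys ending in one of these names are treated as credentials
# (an assumption of this example; extend it for your own code base).
SECRET_KEY = re.compile(r"(?i)(?:password|passwd|pwd)$")
# connectionString="k1=v1; k2=v2; ..." attribute in a .NET config file.
CONN_ATTR = re.compile(r"""(?i)connectionString\s*=\s*(["'])(.*?)\1""")
# key=value or key: value line in a properties-style file (comments skipped).
PROP_LINE = re.compile(r"^\s*([^#!=:\s][^=:]*?)\s*[=:]\s*(.*)$")

def is_empty(value):
    """True for '', whitespace only, or an empty quoted string."""
    return value.strip().strip("\"'").strip() == ""

def find_empty_passwords(text):
    """Return (line_number, key) for each credential key with an empty value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        conn_attrs = list(CONN_ATTR.finditer(line))
        for attr in conn_attrs:
            for pair in attr.group(2).split(";"):
                key, sep, value = pair.partition("=")
                if sep and SECRET_KEY.search(key.strip()) and is_empty(value):
                    findings.append((lineno, key.strip()))
        if conn_attrs:
            continue  # line already handled as a connection string
        prop = PROP_LINE.match(line)
        if prop and SECRET_KEY.search(prop.group(1)) and is_empty(prop.group(2)):
            findings.append((lineno, prop.group(1)))
    return findings

# Sample inputs rebuilt from the two snippets on this page.
SAMPLE_PROPERTIES = (
    "# Java Web App ResourceBundle properties file\n"
    "webapp.ldap.username=secretUsername\n"
    "webapp.ldap.password=\n"
)
SAMPLE_WEBCONFIG = (
    "<connectionStrings>\n"
    '  <add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; '
    'pwd=; dbalias=uDB;" providerName="System.Data.Odbc" />\n'
    "</connectionStrings>\n"
)

if __name__ == "__main__":
    for name, sample in (("properties", SAMPLE_PROPERTIES), ("web.config", SAMPLE_WEBCONFIG)):
        for lineno, key in find_empty_passwords(sample):
            print(f"{name}:{lineno}: empty password for key '{key}'")
```

A check like this fits a pre-commit hook or CI step, so that a configuration file with an empty credential is rejected before it ships.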
| CVE ID | Title | Product | CVSS | Severity | Published |
| CVE-2025-9276 | Cockroach Labs cockroach-k8s-request-cert security vulnerability | cockroach-k8s-request-cert | 9.8 | - | 2025-09-02 |
| CVE-2025-4395 | Medtronic MyCareLink Patient Monitor security vulnerability | MyCareLink Patient Monitor 24950 | 6.8 | Medium | 2025-07-24 |
| CVE-2024-35137 | IBM Security Access Manager security vulnerability | Security Verify Access Docker | 6.2 | Medium | 2024-06-28 |
| CVE-2024-4106 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 5.3 | Medium | 2024-06-26 |
| CVE-2023-43016 | IBM Security Access Manager Container security vulnerability | Security Verify Access Appliance | 7.3 | High | 2024-02-03 |
| CVE-2023-39439 | SAP Commerce security vulnerability | SAP Commerce | 8.8 | High | 2023-08-08 |
| CVE-2020-29478 | Broadcom CA Service Catalog security vulnerability | CA Service Catalog | 7.5 | - | 2021-01-05 |
| CVE-2019-5021 | Alpine Linux Docker security vulnerability | Alpine Linux | 9.8 | - | 2019-05-08 |
| CVE-2018-17914 | Schneider Electric InduSoft Web Studio and InTouch Edge HMI security vulnerability | InduSoft Web Studio, and InTouch Edge HMI (formerly InTouch Machine Edition) | 9.8 | - | 2018-11-02 |

CWE-258 (Empty Password in Configuration File) is a common weakness category; this platform lists 9 CVEs associated with it.