CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File

The J2EE application stores a plaintext password in a configuration file.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.

Real-world CVEs

2 recorded CVEs are caused by CWE-555 (J2EE Misconfiguration: Plaintext Password in Configuration File). The highest-severity and most recent are shown first. 0 new CWE-555 CVEs have been recorded so far in 2026 (1 in 2025).

CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Frequently asked questions

What is CWE-555?

What CVEs are caused by CWE-555?

How do you prevent CWE-555?

What are the consequences of CWE-555?

Is CWE-555 actively exploited?

References

Stay ahead of CWE-555

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-555?

What CVEs are caused by CWE-555?

How do you prevent CWE-555?

What are the consequences of CWE-555?

Is CWE-555 actively exploited?

References

Stay ahead of CWE-555