Description

This Spring Boot web application stores MongoDB credentials in plain text in its properties files, via spring.data.mongodb.password=. Storing plain text passwords in configuration files is not recommended.

Remediation

Encrypt the credentials using a library like Jasypt. Jasypt provides encryption for the property sources, so the properties file holds only encrypted values and the application decrypts them to retrieve the original values.
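
A check for this finding that can run in CI before and after the remediation, as an added example that is not part of the original page or of any scanner's code. It flags spring.data.mongodb.password values that are neither wrapped in ENC(...) (the default wrapper of the jasypt-spring-boot integration) nor a bare ${VAR} placeholder, and goes beyond the page by also checking credentials embedded in spring.data.mongodb.uri. Assumptions: the function names and MONGO_PASSWORD are hypothetical, and the sample file is constructed.

```python
import re

# Property named on this page, plus the connection-string property that can
# carry the same secret (the URI check is an added generalization).
PASSWORD_KEY = "spring.data.mongodb.password"
URI_KEY = "spring.data.mongodb.uri"

# Accepted forms: Jasypt's default ENC(...) wrapper, or a ${VAR} placeholder.
# ${VAR:default} is rejected because the default is itself a stored secret.
PROTECTED = re.compile(r"^(ENC\(.+\)|\$\{[^}:]+\})$")
# user:password@ at the start of a MongoDB connection string
URI_CREDS = re.compile(r"^mongodb(?:\+srv)?://[^:/@]+:([^@/]+)@")

def parse_properties(text):
    """Yield (line_number, key, value) for each entry of a .properties file."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            yield number, match.group(1), match.group(2).strip()

def find_plaintext_credentials(text):
    """Return [(line_number, key)] for MongoDB secrets stored in the clear."""
    findings = []
    for number, key, value in parse_properties(text):
        if key == PASSWORD_KEY and value and not PROTECTED.match(value):
            findings.append((number, key))
        elif key == URI_KEY:
            creds = URI_CREDS.match(value)
            if creds and not PROTECTED.match(creds.group(1)):
                findings.append((number, key))
    return findings

# Constructed sample; the ciphertext and secrets are placeholders.
SAMPLE = """\
# application.properties
spring.data.mongodb.password=constructed-secret
spring.data.mongodb.password=ENC(PLACEHOLDER_CIPHERTEXT)
spring.data.mongodb.password=${MONGO_PASSWORD}
spring.data.mongodb.password=${MONGO_PASSWORD:fallback-secret}
spring.data.mongodb.uri=mongodb://app:constructed-secret@db.example:27017/shop
"""

if __name__ == "__main__":
    for number, key in find_plaintext_credentials(SAMPLE):
        print(f"line {number}: {key} holds a plain text credential")
```

The check only confirms the form of the value; the Jasypt encryption password itself still has to be supplied from outside the properties file for the remediation to hold.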
