.cfg and .ini files
When scrutinizing new applications, or conducting a security audit of the programs on a PC, search for passwords stored in configuration files. Configuration files commonly use the file extensions - .ini and .cfg. Their purpose is to store the initial settings for applications. Programmers often make the mistake of using them to store passwords, which causes a cyber security vulnerability.
A configuration file used with a Java web based application may contain lines like these:
If passwords are part of a configuration file they should be encrypted.