Description
This web application stores some connection strings in plaintext inside the web.config file. This is not recommended, because an attacker might gain access to this file through a path traversal (or similar) vulnerability. It's recommended to use Protected Configuration to improve the security of your application by encrypting sensitive information that is stored in the web.config file.
Remediation
ASP.NET provides a feature called Protected Configuration, which enables you to encrypt sensitive information in a configuration file. It's recommended to use this feature to encrypt sensitive information that is stored in the web.config file.
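To find which sections still need this treatment, the following added example (not part of the original advisory or any vendor tooling) audits a web.config for connection strings left in plaintext. A protected section is recognised by the `configProtectionProvider` attribute and `EncryptedData` child that ASP.NET writes; the sample configs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from a real application).
PLAINTEXT = """<configuration>
  <connectionStrings>
    <add name="AppDb" connectionString="Server=db01;Database=app;User Id=app;Password=EXAMPLE-ONLY" />
    <add name="Reports" connectionString="Server=db01;Database=rpt;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>"""

PROTECTED = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

SECRET_KEYS = {"password", "pwd"}


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def has_password(conn_str):
    """True if the connection string carries a Password/Pwd keyword."""
    # Simple split; a quoted value containing ';' could cause a false positive.
    keys = (part.split("=", 1)[0].strip().lower() for part in conn_str.split(";"))
    return any(k in SECRET_KEYS for k in keys)


def audit_connection_strings(xml_text):
    """Return [(name, embeds_password)] for every plaintext connection string."""
    findings = []
    for section in ET.fromstring(xml_text).iter():
        if local(section.tag) != "connectionStrings":
            continue
        encrypted = any(local(c.tag) == "EncryptedData" for c in section)
        if section.get("configProtectionProvider") and encrypted:
            continue  # section is protected; nothing readable to report
        for entry in section:
            if local(entry.tag) == "add" and entry.get("connectionString"):
                findings.append((entry.get("name"), has_password(entry.get("connectionString"))))
    return findings


if __name__ == "__main__":
    for name, secret in audit_connection_strings(PLAINTEXT):
        print(f"plaintext connection string {name!r}, embedded password: {secret}")
```

Sections it flags can be encrypted in place with ASP.NET's `aspnet_regiis -pef "connectionStrings" <application physical path>`.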
Related Vulnerabilities
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
Atlassian Jira insecure REST permissions
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)