Total: 1013 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 4.4 Medium |
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | ||||
CVE-2019-9104 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2021-07-21 | 7.5 High |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | ||||
CVE-2020-4095 | 1 Hcltech | 1 Bigfix Platform | 2021-07-21 | 6.0 Medium |
BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access. | ||||
CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2021-07-21 | 6.5 Medium |
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | ||||
CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 9.8 Critical |
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | ||||
CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2021-07-20 | N/A |
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | ||||
CVE-2020-5404 | 1 Pivotal | 1 Reactor Netty | 2021-07-07 | 5.9 Medium |
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. | ||||
CVE-2019-6452 | 1 Kyocera | 3 Command Center Rx, Taskalfa 4501i, Taskalfa 5052ci | 2021-06-28 | 8.8 High |
Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. | ||||
CVE-2021-28857 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2021-06-23 | 7.5 High |
On the TP-Link TL-WPA4220 4.0.2 Build 20180308 Rel.37064, the username and password are sent in a cookie. | ||||
CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2021-06-15 | 7.5 High |
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | ||||
CVE-2014-4806 | 2 Ibm, Linux | 2 Security Appscan, Linux Kernel | 2021-06-11 | 5.5 Medium |
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2019-11272 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2021-06-08 | 7.3 High |
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". | ||||
CVE-2019-25030 | 1 Versa-networks | 3 Versa Analytics, Versa Director, Versa Operating System | 2021-06-07 | 5.5 Medium |
In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgård construction (such as MD5 and SHA-1) alone are insufficient to thwart password cracking: an unsalted digest can be looked up in precomputed tables of hashes for all likely password character combinations (commonly referred to as "rainbow tables"), which attackers can generate relatively quickly and reuse against every leaked database. Hashing passwords with a per-user salt and an adaptive algorithm such as scrypt or bcrypt, or a key derivation function such as PBKDF2, makes generating such tables computationally infeasible. | ||||
CVE-2021-29253 | 1 Rsa | 1 Archer | 2021-06-04 | 5.5 Medium |
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. A malicious attacker with access to the Tableau workbook file may obtain credential information and use it in further attacks. | ||||
CVE-2020-27839 | 1 Redhat | 1 Ceph | 2021-06-03 | 5.4 Medium |
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-05-25 | 7.8 High |
IBM Security Guardium 11.2 stores user credentials in cleartext, where they can be read by a local user. IBM X-Force ID: 195770. | ||||
CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2021-05-20 | 7.5 High |
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | ||||
CVE-2019-11820 | 1 Synology | 1 Calendar | 2021-05-12 | 5.5 Medium |
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | ||||
CVE-2020-25175 | 1 Gehealthcare | 224 1.5t Brivo Mr355, 1.5t Brivo Mr355 Firmware, 3.0t Signa Hd 16 and 221 more | 2021-04-30 | 9.8 Critical |
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | ||||
CVE-2021-22115 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-04-14 | 6.5 Medium |
Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of the db logging config field is changed: the CAPI database log records the service broker password in plain text whenever Cloud Controller runs its job to clean up orphaned items. |
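The CVE-2020-5404 entry above (Reactor Netty HttpClient) describes the general failure mode of a redirect-following client that carries request credentials to whatever origin a `Location` header names. The following is an added example, not Reactor Netty's code: a small redirect-follower with a fake in-memory transport, run once in the leaking configuration and once with cross-origin credential stripping. The hostnames, the `transport` callable and the `RecordingTransport` class are constructed for the example.

```python
"""Added example (not Reactor Netty's code): a redirect to another origin must
drop Authorization/Cookie headers, and a client can be checked for that offline."""
from urllib.parse import urlsplit, urljoin

# Headers that carry credentials and must not travel to a different origin.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}
_DEFAULT_PORT = {"http": 80, "https": 443}


def same_origin(url_a: str, url_b: str) -> bool:
    """Scheme, host and effective port must all match (the RFC 6454 origin tuple)."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    return (a.scheme, a.hostname, a.port or _DEFAULT_PORT.get(a.scheme)) == \
           (b.scheme, b.hostname, b.port or _DEFAULT_PORT.get(b.scheme))


def headers_for_redirect(current_url, next_url, headers, strip_cross_origin):
    """Header set for the redirected request; the leak is the `not strip` path."""
    if strip_cross_origin and not same_origin(current_url, next_url):
        return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    return dict(headers)


def follow_redirects(url, headers, transport, strip_cross_origin=True, max_hops=5):
    """Send a request and follow 3xx responses like a redirect-following HttpClient.

    `transport(url, headers)` returns (status, response_headers); it stands in for
    the network so the example runs offline.
    """
    current, sent = url, dict(headers)
    for _ in range(max_hops + 1):
        status, resp_headers = transport(current, sent)
        if status not in (301, 302, 303, 307, 308):
            return status, current
        next_url = urljoin(current, resp_headers["Location"])
        sent = headers_for_redirect(current, next_url, sent, strip_cross_origin)
        current = next_url
    raise RuntimeError("too many redirects")


class RecordingTransport:
    """Constructed fake network: one canned response per URL, plus a log of which
    header names each host received."""

    def __init__(self, responses):
        self.responses = responses
        self.seen = []  # (hostname, set of lower-cased header names sent)

    def __call__(self, url, headers):
        self.seen.append((urlsplit(url).hostname, {k.lower() for k in headers}))
        return self.responses[url]


def demo(strip_cross_origin: bool):
    """Run one client configuration through api host -> attacker-controlled host.
    Returns {hostname: True if that host received the Authorization header}."""
    responses = {  # constructed
        "https://api.example.test/login": (302, {"Location": "https://evil.example.test/collect"}),
        "https://evil.example.test/collect": (200, {}),
    }
    transport = RecordingTransport(responses)
    follow_redirects("https://api.example.test/login",
                     {"Authorization": "Bearer s3cr3t", "Accept": "application/json"},
                     transport, strip_cross_origin=strip_cross_origin)
    return {host: ("authorization" in names) for host, names in transport.seen}


if __name__ == "__main__":
    print("vulnerable:", demo(strip_cross_origin=False))  # evil host gets the token
    print("hardened:  ", demo(strip_cross_origin=True))   # token stays on the api host
```

The same `RecordingTransport` idea works as a regression test against a real client library: point it at two local listeners, have the first answer with a 302 to the second, and assert the second never sees `Authorization`.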
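Two entries above concern how stored passwords are verified: CVE-2019-25030 (Versa; unsalted MD5/SHA-1 storage is crackable by precomputation) and CVE-2019-11272 (Spring Security; a null stored password was accepted when the user typed "null"). The following is an added example, not Versa's or Spring Security's code, that shows both in one place: a plain SHA-1 digest falls to a lookup table built once from a wordlist, a salted PBKDF2 record does not, and a missing record fails closed instead of being stringified and compared. The record format, the wordlist and the `pbkdf2_sha256$...` layout are assumptions made for the example.

```python
"""Added example (not Versa's or Spring Security's code): unsalted digests vs.
salted PBKDF2 records, and fail-closed handling of a missing stored credential."""
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (OWASP 2023 minimum)


def weak_hash(password: str) -> str:
    """Unsalted SHA-1: the kind of storage the Versa entry describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def precompute(wordlist) -> Dict[str, str]:
    """digest -> password lookup table. A real rainbow table trades storage for
    recomputation via hash/reduce chains, but the property that matters is the
    same: one hash per candidate, built once, reusable against every dump."""
    return {weak_hash(pw): pw for pw in wordlist}


def crack_unsalted(digest: str, table: Dict[str, str]) -> Optional[str]:
    """O(1) lookup; no per-user work because there is no salt."""
    return table.get(digest)


def store_password(password: str, iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. The record is self-describing
    so the work factor can be raised later without breaking existing records."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password: str, record: Optional[str]) -> bool:
    """Constant-time verification. A missing or empty record means the account has
    no usable credential and must fail closed; it is never converted to a string
    and compared, which is how a stored null ends up equal to the password "null"."""
    if not record:
        return False
    try:
        alg, iters, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: refuse rather than guess
    if alg != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


# Constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["password", "123456", "letmein", "Summer2021!", "hunter2"]

if __name__ == "__main__":
    table = precompute(WORDLIST)
    print("unsalted SHA-1 of hunter2 cracks to:", crack_unsalted(weak_hash("hunter2"), table))
    rec_a, rec_b = store_password("hunter2"), store_password("hunter2")
    print("same password, different records:", rec_a != rec_b)
    print("verify real / verify 'null' against no record:",
          verify_password("hunter2", rec_a), verify_password("null", None))
```

The salt is what defeats the precomputed table (every user needs a fresh table), and the iteration count is what makes building that per-user table expensive; both are needed, and `hashlib.scrypt` or bcrypt can replace PBKDF2 with the same record discipline.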
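The CVE-2019-11820 entry above (Synology Calendar) is an instance of a general Linux exposure: `/proc/<pid>/cmdline` is world-readable by default, so a password passed as a command-line argument is visible to every local user. The following is an added example, not Synology's code: a parser for the NUL-separated `cmdline` format, a detector for the common ways credentials end up in `argv`, and a host-wide scan. The option-name list, the `backup-agent` sample and its values are constructed for the example.

```python
"""Added example (not Synology's code): find credentials exposed on process
command lines via /proc/<pid>/cmdline."""
import glob
import re
from typing import List, Tuple

# Option names conventionally used to pass credentials (assumption; extend for
# the tools in your environment).
SECRET_OPTIONS = ("password", "passwd", "pass", "secret", "token", "api-key", "apikey", "p")

# scheme://user:password@host embedded in a URL argument
_URL_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@:\s]+:([^/@\s]+)@", re.I)


def parse_cmdline(raw: bytes) -> List[str]:
    """/proc/<pid>/cmdline is NUL-separated with a trailing NUL."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def _is_secret_option(opt: str) -> bool:
    return opt.lstrip("-").lower() in SECRET_OPTIONS


def find_exposed_secrets(argv: List[str]) -> List[Tuple[str, str]]:
    """Return (where, value) for every credential visible in argv.
    Handles --password=VALUE, --password VALUE, -p VALUE and user:pass@host URLs."""
    found = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        opt, sep, val = arg.partition("=")
        if sep and opt.startswith("-") and _is_secret_option(opt):
            found.append((opt, val))
        elif arg.startswith("-") and _is_secret_option(arg) and i + 1 < len(argv):
            found.append((arg, argv[i + 1]))
            i += 1  # the value was consumed
        else:
            m = _URL_CRED.match(arg)
            if m:
                found.append(("url", m.group(1)))
        i += 1
    return found


def scan_proc() -> List[Tuple[int, str, List[Tuple[str, str]]]]:
    """Scan every readable process; returns (pid, argv[0], findings) for hits.
    Returns an empty list on hosts without /proc."""
    hits = []
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        pid = int(path.split("/")[2])
        try:
            with open(path, "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited, or cmdline not readable under hidepid
        if argv:
            findings = find_exposed_secrets(argv)
            if findings:
                hits.append((pid, argv[0], findings))
    return hits


# Constructed sample, not a real capture.
SAMPLE = b"backup-agent\0--user\0app\0--password\0s3cr3t\0--target\0https://ops:hunter2@backup.example.test/api\0"

if __name__ == "__main__":
    print(find_exposed_secrets(parse_cmdline(SAMPLE)))
    for pid, exe, findings in scan_proc():
        # Report where a secret is, never re-expose the value in output.
        print(pid, exe, [where for where, _ in findings])
```

Mounting `/proc` with `hidepid=2` limits the exposure to the process owner and root, but the durable fix is to pass credentials via a file with restrictive permissions, a credential helper, or an environment variable consumed before `exec` (environment is also readable via `/proc/<pid>/environ`, but only by the same user or root).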
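The CVE-2021-22115 entry above (Cloud Foundry CAPI) shows how a debug-level database log turns into a credential store once a logging knob is flipped. The following is an added example, not Cloud Foundry's code: a `logging.Filter` that renders each record and masks password fields and `user:password@` URL credentials before any handler writes it, so the leak does not depend on operators never enabling verbose logging. The key names, the `capi.db` logger name and the SQL sample are constructed for the example.

```python
"""Added example (not Cloud Foundry's code): redact credentials in log records
before they reach a handler."""
import logging
import re

# Field names whose values are credentials (assumption; extend for your logs).
SECRET_KEYS = {"password", "passwd", "secret", "token", "auth_password", "broker_password"}
REDACTED = "[REDACTED]"

# key=value, key: value, "key": "value" and 'key': 'value' forms
_KV = re.compile(
    r"(?i)\b(" + "|".join(sorted(SECRET_KEYS)) + r")"
    r"(['\"]?\s*[=:]\s*)(['\"]?)([^\s'\",;]+)(['\"]?)"
)
# scheme://user:password@host
_URL = re.compile(r"(?i)(\b[a-z][a-z0-9+.-]*://[^/@:\s]+:)([^/@\s]+)(@)")


def redact_text(text: str) -> str:
    """Mask secret values while keeping the key and surrounding punctuation."""
    text = _KV.sub(lambda m: m.group(1) + m.group(2) + m.group(3) + REDACTED + m.group(5), text)
    return _URL.sub(lambda m: m.group(1) + REDACTED + m.group(3), text)


class RedactingFilter(logging.Filter):
    """Render msg % args first and redact the final text, so secrets passed as
    format arguments are caught and no placeholder is damaged."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_text(record.getMessage())
        record.args = ()
        return True


def render(record: logging.LogRecord) -> str:
    """Apply the filter and return what a handler would format."""
    RedactingFilter().filter(record)
    return record.getMessage()


def make_logger() -> logging.Logger:
    """Usual wiring: attach the filter to the logger so every handler sees
    redacted records."""
    logger = logging.getLogger("capi.db")
    logger.addFilter(RedactingFilter())
    if not logger.handlers:
        logger.addHandler(logging.StreamHandler())
    logger.setLevel(logging.DEBUG)
    return logger


# Constructed example of the kind of statement a verbose DB log would contain.
SAMPLE = "UPDATE service_brokers SET auth_username=%s, auth_password=%s WHERE broker_url=%s"

if __name__ == "__main__":
    make_logger().debug(SAMPLE, "svc", "s3cr3t", "https://broker.example.test")
```

Pattern-based redaction is a safety net, not a substitute for not logging the value: the filter only catches the shapes it knows, so keep secrets out of SQL parameter logging in the first place and treat the filter as defence in depth.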