Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2020-08-24 | N/A |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | ||||
| CVE-2019-4138 | 1 Ibm | 1 Spectrum Control | 2020-08-24 | N/A |
| IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334. | ||||
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2020-08-24 | N/A |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | ||||
| CVE-2019-8932 | 1 Rdbrck | 1 Shift | 2020-08-24 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-14709 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2020-08-24 | N/A |
| A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | ||||
| CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 7.5 High |
| Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. | ||||
| CVE-2020-9403 | 1 Pactware | 1 Pactware | 2020-08-19 | 5.5 Medium |
| In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. | ||||
| CVE-2020-9404 | 1 Pactware | 1 Pactware | 2020-08-18 | 7.1 High |
| In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. | ||||
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2020-08-14 | N/A |
| Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | ||||
| CVE-2020-15661 | 1 Mozilla | 1 Firefox | 2020-08-14 | 6.5 Medium |
| A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. | ||||
| CVE-2020-2078 | 1 Sick | 1 Package Analytics | 2020-08-03 | 6.5 Medium |
| Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. | ||||
| CVE-2020-10609 | 1 Grundfos | 1 Cim 500 | 2020-07-30 | 7.5 High |
| Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. | ||||
| CVE-2020-14489 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-30 | 7.5 High |
| OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. | ||||
| CVE-2020-4408 | 1 Ibm | 1 Qradar Advisory | 2020-07-28 | 4.6 Medium |
| The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536. | ||||
| CVE-2020-4372 | 1 Ibm | 1 Verify Gateway | 2020-07-24 | 7.8 High |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009 | ||||
| CVE-2020-10287 | 1 Abb | 4 Irb140, Irb140 Firmware, Irc5 and 1 more | 2020-07-24 | 9.8 Critical |
| The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them). | ||||
| CVE-2020-0540 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 7.5 High |
| Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | ||||
| CVE-2020-11681 | 1 Castel | 2 Nextgen Dvr, Nextgen Dvr Firmware | 2020-06-10 | 8.1 High |
| Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials. | ||||
| CVE-2020-7030 | 1 Avaya | 1 Ip Office | 2020-06-09 | 5.5 Medium |
| A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3. | ||||