Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7233 | 1 Kmccontrols | 2 Bac-a1616bc, Bac-a1616bc Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | |||||
| CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | |||||
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | |||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2021-07-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | |||||
| CVE-2020-5404 | 1 Pivotal | 1 Reactor Netty | 2021-07-07 | 4.9 MEDIUM | 5.9 MEDIUM |
| The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. | |||||
| CVE-2019-6452 | 1 Kyocera | 3 Command Center Rx, Taskalfa 4501i, Taskalfa 5052ci | 2021-06-28 | 4.0 MEDIUM | 8.8 HIGH |
| Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. | |||||
| CVE-2021-28857 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | |||||
| CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | |||||
| CVE-2014-4806 | 2 Ibm, Linux | 2 Security Appscan, Linux Kernel | 2021-06-11 | 2.1 LOW | 5.5 MEDIUM |
| The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2019-11272 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2021-06-08 | 7.5 HIGH | 7.3 HIGH |
| Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". | |||||
| CVE-2019-25030 | 1 Versa-networks | 3 Versa Analytics, Versa Director, Versa Operating System | 2021-06-07 | 2.1 LOW | 5.5 MEDIUM |
| In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible. | |||||
| CVE-2021-29253 | 1 Rsa | 1 Archer | 2021-06-04 | 2.1 LOW | 5.5 MEDIUM |
| The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks. | |||||
| CVE-2020-27839 | 1 Redhat | 1 Ceph | 2021-06-03 | 3.5 LOW | 5.4 MEDIUM |
| A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-20389 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-05-25 | 2.1 LOW | 7.8 HIGH |
| IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770. | |||||
| CVE-2021-20997 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2021-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | |||||
| CVE-2019-11820 | 1 Synology | 1 Calendar | 2021-05-12 | 2.1 LOW | 5.5 MEDIUM |
| Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | |||||
| CVE-2020-25175 | 1 Gehealthcare | 224 1.5t Brivo Mr355, 1.5t Brivo Mr355 Firmware, 3.0t Signa Hd 16 and 221 more | 2021-04-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | |||||
| CVE-2018-20445 | 1 Dlink | 4 Dcm-604, Dcm-604 Firmware, Dcm-704 and 1 more | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2021-22115 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller. | |||||
| CVE-2018-13822 | 1 Broadcom | 1 Project Portfolio Management | 2021-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | |||||