Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22432 | 1 Dell | 1 Networker | 2024-02-01 | N/A | 6.5 MEDIUM |
| Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | |||||
| CVE-2023-44300 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 5.5 MEDIUM |
| Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2023-48700 | 1 Nautobot | 1 Nautobot-plugin-device-onboarding | 2023-11-30 | N/A | 6.5 MEDIUM |
| The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials. | |||||
| CVE-2023-4918 | 1 Redhat | 1 Keycloak | 2023-11-07 | N/A | 8.8 HIGH |
| A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. | |||||
| CVE-2023-3395 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer. | |||||
| CVE-2023-39227 | 1 Softneta | 1 Meddream Pacs | 2023-11-07 | N/A | 7.5 HIGH |
| Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials. | |||||
| CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2023-11-07 | N/A | 9.8 CRITICAL |
| A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | |||||
| CVE-2023-22389 | 1 Snapav | 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware | 2023-11-07 | N/A | 6.5 MEDIUM |
| Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file. | |||||
| CVE-2022-41732 | 1 Ibm | 1 Maximo Application Suite | 2023-11-07 | N/A | 5.5 MEDIUM |
| IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | |||||
| CVE-2022-3287 | 1 Fwupd | 1 Fwupd | 2023-11-07 | N/A | 6.5 MEDIUM |
| When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | |||||
| CVE-2022-3261 | 1 Redhat | 1 Openstack Platform | 2023-11-07 | N/A | 7.5 HIGH |
| A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | |||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | |||||
| CVE-2021-1589 | 1 Cisco | 1 Sd-wan | 2023-11-07 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. | |||||
| CVE-2023-42493 | 1 Busbaer | 1 Eisbaer Scada | 2023-11-01 | N/A | 9.8 CRITICAL |
| EisBaer Scada - CWE-256: Plaintext Storage of a Password | |||||
| CVE-2023-43777 | 1 Eaton | 1 Easysoft | 2023-10-25 | N/A | 6.5 MEDIUM |
| Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | |||||
| CVE-2023-27315 | 1 Netapp | 1 Snapgathers | 2023-10-16 | N/A | 5.5 MEDIUM |
| SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | |||||
| CVE-2023-4400 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2023-09-15 | N/A | 6.5 MEDIUM |
| A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files. | |||||
| CVE-2022-43958 | 1 Siemens | 1 Qms Automotive | 2023-09-12 | N/A | 7.6 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users. | |||||
| CVE-2023-35067 | 1 Infodrom | 1 E-invoice Approval System | 2023-08-16 | N/A | 7.5 HIGH |
| Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701. | |||||
| CVE-2022-22557 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2023-07-24 | 7.2 HIGH | 7.8 HIGH |
| PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||