CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (5,447)
page 3 of 273

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2017-6094 | Cri | 0.64 | 9.8 | 0.00 | Dec 20, 2017 | CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. | |
| CVE-2017-17735 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2017 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | |
| CVE-2017-17734 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2017 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | |
| CVE-2017-3185 | Cri | 0.64 | 9.8 | 0.02 | Dec 16, 2017 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | |
| CVE-2017-13664 | Cri | 0.64 | 9.8 | 0.01 | Dec 1, 2017 | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | |
| CVE-2017-13701 | Cri | 0.64 | 9.8 | 0.00 | Nov 23, 2017 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in an insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. | |
| CVE-2016-1265 | Cri | 0.64 | 9.8 | 0.01 | Oct 13, 2017 | A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | |
| CVE-2015-8707 | Cri | 0.64 | 9.8 | 0.00 | Sep 26, 2017 | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | |
| CVE-2017-9393 | Cri | 0.64 | 9.8 | 0.00 | Sep 22, 2017 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | |
| CVE-2015-5284 | Cri | 0.64 | 9.8 | 0.00 | Sep 21, 2017 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | |
| CVE-2014-8174 | Cri | 0.64 | 9.8 | 0.03 | Sep 19, 2017 | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | |
| CVE-2017-14269 | Cri | 0.64 | 9.8 | 0.01 | Sep 11, 2017 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | |
| CVE-2015-5959 | Cri | 0.64 | 9.8 | 0.01 | Sep 6, 2017 | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | |
| CVE-2016-3086 | Cri | 0.64 | 9.8 | 0.00 | Sep 5, 2017 | The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | |
| CVE-2010-3845 | Cri | 0.64 | 9.8 | 0.00 | Aug 8, 2017 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. | |
| CVE-2017-4923 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2017 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | |
| CVE-2016-8964 | Cri | 0.64 | 9.8 | 0.02 | Jul 13, 2017 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. | |
| CVE-2017-6709 | Cri | 0.64 | 9.8 | 0.01 | Jul 6, 2017 | A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |
| CVE-2017-6708 | Cri | 0.64 | 9.8 | 0.01 | Jul 6, 2017 | A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654. | |
| CVE-2017-7317 | Cri | 0.64 | 9.8 | 0.01 | Jul 4, 2017 | An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. | |