CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
Page 5 of 366

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-3813 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 1, 2018 | getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. |
| CVE-2017-6094 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 20, 2017 | CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the… |
| CVE-2017-17735 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 18, 2017 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. |
| CVE-2017-17734 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 18, 2017 | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. |
| CVE-2017-3185 | | Cri | 0.64 | 9.8 | 0.03 | | Dec 16, 2017 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through… |
| CVE-2017-13664 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 1, 2017 | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. |
| CVE-2017-13701 | | Cri | 0.64 | 9.8 | 0.02 | | Nov 23, 2017 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in an insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. |
| CVE-2016-1265 | | Cri | 0.64 | 9.8 | 0.02 | | Oct 13, 2017 | A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command… |
| CVE-2015-8707 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 26, 2017 | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. |
| CVE-2017-9393 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 22, 2017 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. |
| CVE-2015-5284 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 21, 2017 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. |
| CVE-2014-8174 | | Cri | 0.64 | 9.8 | 0.03 | | Sep 19, 2017 | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. |
| CVE-2017-14269 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 11, 2017 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. |
| CVE-2016-3086 | | Cri | 0.64 | 9.8 | 0.04 | | Sep 5, 2017 | The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. |
| CVE-2010-3845 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 8, 2017 | libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. |
| CVE-2017-4923 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 1, 2017 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. |
| CVE-2017-9788 | | Cri | 0.64 | 9.1 | 0.57 | | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment… |
| CVE-2016-8964 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 13, 2017 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| CVE-2017-6709 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 6, 2017 | A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability… |
| CVE-2017-6708 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 6, 2017 | A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to… |