CWE-256

Plaintext Storage of a Password

Base | Incomplete | Likelihood: High

Description

The product stores a password in plaintext within resources such as memory or files.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (153)

  • CVE-2025-6561 | Critical | Jun 26, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

  • CVE-2025-6560 | Critical | Jun 24, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of…

  • CVE-2025-5893 | Critical | Jun 9, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.

  • CVE-2024-5960 | Critical | Sep 18, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.

  • CVE-2024-36081 | Critical | May 19, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

  • CVE-2017-16714 | Critical | Sep 6, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

  • CVE-2018-8851 | Critical | Jul 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer…

  • CVE-2018-7510 | Critical | Jun 6, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.

  • CVE-2017-7913 | Critical | May 29, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell…

  • CVE-2026-46488 | critical | Jun 22, 2026
    risk 0.59 | cvss | epss

    Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set…

  • CVE-2025-7357 | High | Jul 16, 2025
    risk 0.57 | cvss | epss 0.00

    LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

  • CVE-2025-3758 | High | May 8, 2025
    risk 0.57 | cvss | epss 0.00

    WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2021-47961 | High | Apr 10, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN…

  • CVE-2025-52164 | High | Jul 18, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.

  • CVE-2024-40116 | High | Jul 26, 2024
    risk 0.53 | cvss 8.1 | epss 0.00

    An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL…

  • CVE-2018-25396 | High | May 29, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username…

  • CVE-2025-15624 | High | Apr 17, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in…

  • CVE-2026-35556 | High | Apr 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.

  • CVE-2024-41336 | High | Feb 27, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor…

  • CVE-2023-6518 | High | Feb 8, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.