CWE-256

Plaintext Storage of a Password

BaseIncompleteLikelihood: High

Description

The product stores a password in plaintext within resources such as memory or files.

Hierarchy (View 1000)

Parents

CWE-522

Children

none

CVEs mapped to this weakness (57)

page 1 of 3

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-6561	Cri	0.64	9.8	0.01	Jun 26, 2025	Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.
CVE-2025-6560	Cri	0.64	9.8	0.01	Jun 24, 2025	Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended.
CVE-2025-5893	Cri	0.64	9.8	0.01	Jun 9, 2025	Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
CVE-2024-36081	Cri	0.64	9.8	0.00	May 19, 2024	Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.
CVE-2025-15624	Cri	0.60	—	0.00	Apr 17, 2026	Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
CVE-2025-7357	Hig	0.57	—	0.00	Jul 16, 2025	LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
CVE-2025-3758	Hig	0.57	—	0.00	May 8, 2025	WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-47961	Hig	0.53	8.1	0.00	Apr 10, 2026	A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
CVE-2025-52164	Hig	0.53	8.2	0.00	Jul 18, 2025	Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.
CVE-2024-40116	Hig	0.53	8.1	0.00	Jul 26, 2024	An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
CVE-2026-35556	Hig	0.49	7.5	0.00	Apr 9, 2026	OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.
CVE-2024-41336	Hig	0.49	7.5	0.00	Feb 27, 2025	Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.
CVE-2025-2500	Hig	0.48	7.4	0.00	May 30, 2025	A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.
CVE-2024-27166	Hig	0.48	7.4	0.00	Jun 14, 2024	Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.
CVE-2024-10334	Hig	0.47	7.3	0.00	Feb 10, 2025	A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
CVE-2024-43659	Hig	0.47	7.2	0.00	Jan 9, 2025	After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models. Likelihood: Moderate – The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels. Impact: Critical – All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the "super user" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).
CVE-2024-11982	Hig	0.47	7.2	0.00	Nov 29, 2024	Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.
CVE-2024-3625	Hig	0.47	7.3	0.00	Apr 25, 2024	A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance.
CVE-2024-3624	Hig	0.47	7.3	0.00	Apr 25, 2024	A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.
CVE-2025-65009	Hig	0.46	—	0.00	Dec 18, 2025	In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.