VYPR

CWE-256

Plaintext Storage of a Password

Base | Incomplete | Likelihood: High

Description

The product stores a password in plaintext within resources such as memory or files.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (153)

  • CVE-2023-35067 | High | Jul 25, 2023
    risk 0.49 | cvss 7.5 | epss 0.00

    Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701.

  • CVE-2024-39575 | High | Jun 16, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    update_disk_psu_baseline.sh requires password in plain text

  • CVE-2025-2500 | High | May 30, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.

  • CVE-2024-27166 | High | Jun 14, 2024
    risk 0.48 | cvss 7.4 | epss 0.00

    Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-10334 | High | Feb 10, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA:…

  • CVE-2024-43659 | High | Jan 9, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. …

  • CVE-2024-11982 | High | Nov 29, 2024
    risk 0.47 | cvss 7.2 | epss 0.01

    Certain models of routers from Billion Electric have a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.

  • CVE-2024-3625 | High | Apr 25, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance.

  • CVE-2024-3624 | High | Apr 25, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database.

  • CVE-2025-65009 | High | Dec 18, 2025
    risk 0.46 | cvss (not listed) | epss 0.00

    In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but…

  • CVE-2024-28736 | High | May 31, 2024
    risk 0.46 | cvss 7.1 | epss 0.03

    An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.

  • CVE-2024-43378 | High | Aug 16, 2024
    risk 0.44 | cvss 7.8 | epss 0.00

    calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI;…

  • CVE-2025-61680 | Medium | Oct 3, 2025
    risk 0.43 | cvss (not listed) | epss 0.00

    Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API, which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.

  • CVE-2025-0936 | Medium | May 7, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote…

  • CVE-2024-22032 | Medium | Oct 16, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project…

  • CVE-2024-39220 | Medium | Jul 3, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD,…

  • CVE-2024-25138 | Medium | Mar 26, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.

  • CVE-2025-36335 | Medium | Apr 30, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

  • CVE-2025-25051 | Medium | Jan 22, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.

  • CVE-2018-25130 | Medium | Dec 24, 2025
    risk 0.40 | cvss 6.2 | epss 0.00

    Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling…