VYPR

CWE-256

Plaintext Storage of a Password

Base | Incomplete | Likelihood: High

Description

The product stores a password in plaintext within resources such as memory or files.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (153)

page 3 of 8
  • CVE-2025-25727 | Med | Feb 28, 2025
    risk 0.40 | cvss 6.2 | epss 0.00

    Bosscomm IF740 Firmware versions: 11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext.

  • CVE-2024-28325 | Med | Apr 26, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.

  • CVE-2024-45283 | Med | Sep 10, 2024
    risk 0.39 | cvss 6.0 | epss 0.00

    SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or…

  • CVE-2024-29978 | Med | Nov 26, 2024
    risk 0.38 | cvss 5.9 | epss 0.01

    User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…

  • CVE-2025-46809 | Med | Jul 31, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7…

  • CVE-2024-42197 | Med | Dec 11, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.

  • CVE-2025-11193 | Med | Nov 3, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.

  • CVE-2024-4425 | Med | May 14, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system. This issue affects CemiPark software: 4.5, 4.7, 5.03 and…

  • CVE-2025-15128 | Med | Dec 28, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results…

  • CVE-2025-13221 | Med | Nov 15, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed…

  • CVE-2025-48046 | Med | May 29, 2025
    risk 0.34 | cvss | epss 0.00

    An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.

  • CVE-2018-7515 | Med | Mar 21, 2018
    risk 0.34 | cvss 5.3 | epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets.

  • CVE-2026-31850 | Med | Mar 23, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate…

  • CVE-2026-6500 | Med | May 4, 2026
    risk 0.31 | cvss | epss 0.00

    Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.

  • CVE-2024-6833 | Med | Jul 17, 2024
    risk 0.31 | cvss 5.9 | epss 0.00

    A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.

  • CVE-2026-36174 | Med | Jun 4, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the…

  • CVE-2024-39922 | Med | Aug 13, 2024
    risk 0.30 | cvss 4.6 | epss 0.00

    A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1)…

  • CVE-2025-14183 | Med | Dec 7, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched…

  • CVE-2025-43005 | Med | May 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the…

  • CVE-2024-45636 | Med | Jun 11, 2026
    risk 0.27 | cvss 4.1 | epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.