VYPR

CWE-257

Storing Passwords in a Recoverable Format

Abstraction: Base | Status: Incomplete | Likelihood of exploit: High

Description

Storing passwords in a recoverable format exposes them to password reuse attacks. Recoverably encrypted passwords offer no significant benefit over plaintext passwords: they can be reused not only by external attackers but also by malicious insiders. If a system administrator can recover a password directly, or brute-force it from the stored information, the administrator can try that password against the user's other accounts.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-49

CVEs mapped to this weakness (27)

page 1 of 2
  • CVE-2026-20128 | High | KEV | Feb 25, 2026
    risk 0.61 · cvss 7.5 · epss 0.05

    A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an…

  • CVE-2025-8095 | Critical | Apr 14, 2026
    risk 0.59 · cvss n/a · epss 0.00

    The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced…

  • CVE-2025-34180 | High | Dec 15, 2025
    risk 0.55 · cvss n/a · epss 0.00

    NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file…

  • CVE-2025-8904 | High | Aug 13, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to…

  • CVE-2016-15058 | High | Apr 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when…

  • CVE-2017-9942 | High | Aug 8, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

  • CVE-2024-8774 | High | Mar 24, 2025
    risk 0.50 · cvss n/a · epss 0.00

    The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which…

  • CVE-2025-0280 | High | Sep 3, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access.

  • CVE-2024-1480 | High | Apr 19, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Unitronics Vision Standard line of controllers allows the Information Mode password to be retrieved without authentication.

  • CVE-2025-14295 | High | Jan 22, 2026
    risk 0.46 · cvss n/a · epss 0.00

    Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a…

  • CVE-2024-32932 | Medium | Jul 2, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Under certain circumstances the web interface users' credentials may be recovered by an authenticated user.

  • CVE-2024-32756 | Medium | Jul 2, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Under certain circumstances the Linux users' credentials may be recovered by an authenticated user.

  • CVE-2026-22614 | Medium | Mar 10, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This…

  • CVE-2024-51552 | Medium | May 22, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2025-8307 | Medium | Jan 8, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using…

  • CVE-2024-32151 | Medium | Nov 26, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    User passwords are decrypted and stored in memory before any user logs in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…

  • CVE-2026-1836 | Medium | Jun 12, 2026
    risk 0.34 · cvss n/a · epss 0.00

    The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

  • CVE-2018-5446 | Medium | May 4, 2018
    risk 0.32 · cvss 4.9 · epss 0.00

    Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.

  • CVE-2025-24852 | Medium | Mar 31, 2025
    risk 0.30 · cvss 4.6 · epss 0.00

    Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.

  • CVE-2026-22576 | Medium | Apr 14, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0…