CWE-257
Storing Passwords in a Recoverable Format
Description
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-49
CVEs mapped to this weakness (27)
page 1 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-20128 | Hig | 0.61 | 7.5 | 0.05 | KEV | Feb 25, 2026 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an… | |
| CVE-2025-8095 | Cri | 0.59 | — | 0.00 | Apr 14, 2026 | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced… | ||
| CVE-2025-34180 | Hig | 0.55 | — | 0.00 | Dec 15, 2025 | NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file… | ||
| CVE-2025-8904 | Hig | 0.55 | 8.5 | 0.00 | Aug 13, 2025 | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to… | ||
| CVE-2016-15058 | Hig | 0.53 | 8.1 | 0.00 | Apr 3, 2026 | Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when… | ||
| CVE-2017-9942 | Hig | 0.51 | 7.8 | 0.00 | Aug 8, 2017 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. | ||
| CVE-2024-8774 | Hig | 0.50 | — | 0.00 | Mar 24, 2025 | The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which… | ||
| CVE-2025-0280 | Hig | 0.49 | 7.5 | 0.00 | Sep 3, 2025 | A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | ||
| CVE-2024-1480 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2024 | Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. | ||
| CVE-2025-14295 | Hig | 0.46 | — | 0.00 | Jan 22, 2026 | Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a… | ||
| CVE-2024-32932 | — | Med | 0.44 | 6.8 | 0.00 | Jul 2, 2024 | Under certain circumstances the web interface users credentials may be recovered by an authenticated user. | |
| CVE-2024-32756 | — | Med | 0.44 | 6.8 | 0.00 | Jul 2, 2024 | Under certain circumstances the Linux users credentials may be recovered by an authenticated user. | |
| CVE-2026-22614 | Med | 0.40 | 6.1 | 0.00 | Mar 10, 2026 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This… | ||
| CVE-2024-51552 | Med | 0.39 | 6.0 | 0.00 | May 22, 2025 | Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||
| CVE-2025-8307 | — | Med | 0.38 | — | 0.00 | Jan 8, 2026 | Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using… | |
| CVE-2024-32151 | — | Med | 0.38 | 5.9 | 0.01 | Nov 26, 2024 | User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors… | |
| CVE-2026-1836 | Med | 0.34 | — | 0.00 | Jun 12, 2026 | The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials. | ||
| CVE-2018-5446 | Med | 0.32 | 4.9 | 0.00 | May 4, 2018 | Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | ||
| CVE-2025-24852 | Med | 0.30 | 4.6 | 0.00 | Mar 31, 2025 | Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password. | ||
| CVE-2026-22576 | Med | 0.28 | 4.3 | 0.00 | Apr 14, 2026 | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0… |
- risk 0.61cvss 7.5epss 0.05
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an…
- risk 0.59cvss —epss 0.00
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced…
- risk 0.55cvss —epss 0.00
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file…
- risk 0.55cvss 8.5epss 0.00
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to…
- risk 0.53cvss 8.1epss 0.00
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when…
- risk 0.51cvss 7.8epss 0.00
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.
- risk 0.50cvss —epss 0.00
The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which…
- risk 0.49cvss 7.5epss 0.00
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
- risk 0.49cvss 7.5epss 0.01
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
- risk 0.46cvss —epss 0.00
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a…
- risk 0.44cvss 6.8epss 0.00
Under certain circumstances the web interface users credentials may be recovered by an authenticated user.
- risk 0.44cvss 6.8epss 0.00
Under certain circumstances the Linux users credentials may be recovered by an authenticated user.
- risk 0.40cvss 6.1epss 0.00
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This…
- risk 0.39cvss 6.0epss 0.00
Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
- risk 0.38cvss —epss 0.00
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using…
- risk 0.38cvss 5.9epss 0.01
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…
- risk 0.34cvss —epss 0.00
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.
- risk 0.32cvss 4.9epss 0.00
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.
- risk 0.30cvss 4.6epss 0.00
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
- risk 0.28cvss 4.3epss 0.00
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0…