CWE-312
Cleartext Storage of Sensitive Information
BaseDraft
Description
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-37
CVEs mapped to this weakness (140)
page 5 of 7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0123 | Med | 0.38 | — | 0.00 | Apr 11, 2025 | A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting. Prisma® Access is not impacted by this vulnerability. | |
| CVE-2024-29146 | Med | 0.38 | 5.9 | 0.00 | Nov 26, 2024 | User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |
| CVE-2024-28065 | Med | 0.38 | 5.9 | 0.00 | Apr 5, 2024 | In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. | |
| CVE-2025-58401 | Med | 0.37 | 6.8 | 0.00 | Sep 5, 2025 | Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account. | |
| CVE-2023-28912 | Med | 0.37 | 5.7 | 0.00 | Jun 28, 2025 | The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | |
| CVE-2024-55582 | Med | 0.37 | 5.7 | 0.00 | Dec 9, 2024 | Oxide before 6 has unencrypted Control Plane datastores. | |
| CVE-2026-43942 | Med | 0.36 | 5.5 | 0.00 | May 8, 2026 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer (e.g., via the DevTools console or a compromised webview context). An attacker who achieves any JavaScript execution within the renderer can trivially exfiltrate these secrets to a remote server, leading to cloud account compromise, supply chain attacks, and lateral movement. At time of publication, there are no publicly available patches. | |
| CVE-2025-3784 | Med | 0.36 | 5.5 | 0.00 | Nov 27, 2025 | Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information. | |
| CVE-2025-2182 | Med | 0.36 | — | 0.00 | Aug 13, 2025 | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | |
| CVE-2025-41458 | Med | 0.36 | 5.5 | 0.00 | Jul 21, 2025 | Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem. | |
| CVE-2025-41647 | Med | 0.36 | 5.5 | 0.00 | Jun 25, 2025 | A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. | |
| CVE-2024-4840 | Med | 0.36 | 5.5 | 0.00 | May 14, 2024 | An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. | |
| CVE-2009-1466 | Med | 0.36 | 5.5 | 0.00 | May 14, 2009 | Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | |
| CVE-2008-1567 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2008 | phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |
| CVE-2005-2209 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2005 | Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |
| CVE-2002-1696 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2002 | Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |
| CVE-2026-41385 | Med | 0.35 | 6.5 | 0.00 | Apr 28, 2026 | OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations. | |
| CVE-2026-35644 | Med | 0.35 | 6.5 | 0.00 | Apr 9, 2026 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components. | |
| CVE-2024-12094 | Med | 0.35 | — | 0.00 | Dec 5, 2024 | This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken. | |
| CVE-2026-5531 | Med | 0.34 | 5.3 | 0.00 | Apr 5, 2026 | A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |