CWE-312
Cleartext Storage of Sensitive Information
Description
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-37: Retrieve Embedded Sensitive Data
CVEs mapped to this weakness (269)
page 6 of 14

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28912 |  | Med | 0.37 | 5.7 | 0.00 |  | Jun 28, 2025 | The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb… |
| CVE-2024-55582 |  | Med | 0.37 | 5.7 | 0.00 |  | Dec 9, 2024 | Oxide before 6 has unencrypted Control Plane datastores. |
| CVE-2026-43942 |  | Med | 0.36 | 5.5 | 0.00 |  | May 8, 2026 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as… |
| CVE-2025-3784 |  | Med | 0.36 | 5.5 | 0.00 |  | Nov 27, 2025 | Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using… |
| CVE-2025-2182 |  | Med | 0.36 | — | 0.00 |  | Aug 13, 2025 | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this… |
| CVE-2025-41458 |  | Med | 0.36 | 5.5 | 0.00 |  | Jul 21, 2025 | Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem. |
| CVE-2025-41647 |  | Med | 0.36 | 5.5 | 0.00 |  | Jun 25, 2025 | A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. |
| CVE-2024-4840 | — | Med | 0.36 | 5.5 | 0.00 |  | May 14, 2024 | A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. |
| CVE-2020-10727 |  | Med | 0.36 | 5.5 | 0.01 |  | Jun 26, 2020 | A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use… |
| CVE-2009-1466 |  | Med | 0.36 | 5.5 | 0.00 |  | May 14, 2009 | Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. |
| CVE-2008-1567 |  | Med | 0.36 | 5.5 | 0.00 |  | Mar 31, 2008 | phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. |
| CVE-2005-2209 |  | Med | 0.36 | 5.5 | 0.00 |  | Jul 11, 2005 | Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. |
| CVE-2002-1696 |  | Med | 0.36 | 5.5 | 0.00 |  | Dec 31, 2002 | Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user… |
| CVE-2026-41385 |  | Med | 0.35 | 6.5 | 0.00 |  | Apr 28, 2026 | OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol… |
| CVE-2026-35644 |  | Med | 0.35 | 6.5 | 0.00 |  | Apr 9, 2026 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to… |
| CVE-2026-39943 |  | Med | 0.35 | 6.5 | 0.00 |  | Apr 9, 2026 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta… |
| CVE-2026-27877 |  | Med | 0.35 | 6.5 | 0.00 |  | Mar 27, 2026 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as… |
| CVE-2024-12094 |  | Med | 0.35 | — | 0.00 |  | Dec 5, 2024 | This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of… |
| CVE-2026-45040 |  | Med | 0.34 | — | 0.00 |  | May 28, 2026 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT… |
| CVE-2026-9274 |  | Med | 0.34 | — | 0.00 |  | May 25, 2026 | This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive… |
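Most entries in the table share one of two shapes: a whole configuration object (secrets included) is serialised and handed to a less trusted sphere (an IPC renderer, an API snapshot, a revision table), or credentials are written verbatim into a log file. The snippet below shows the vulnerable export beside the two fixes that recur in the patched versions: redact before the data crosses the boundary, and keep a reference to the secret on disk rather than the secret itself. This is an added Python example, not code from the CWE entry or from any product listed above; the config schema, the secret-bearing key names, the `env:` reference scheme and every sample value are constructed for illustration.

```python
# Added example for CWE-312 in a config/logging layer. Not code from the CWE page or any
# product listed above; schema, key names, "env:" scheme and sample values are constructed.
import json
import logging
import os
import re

REDACTED = "[REDACTED]"
# Assumption: keys with these names (case-insensitive, ignoring '_' and '-') carry credentials.
SECRET_KEYS = {"password", "passwd", "secret", "token", "apikey",
               "privatekey", "secretaccesskey", "sessiontoken"}
# Credentials embedded in URLs (scheme://user:password@host), the baseUrl/httpUrl shape.
_URL_CRED = re.compile(r"(?P<prefix>[a-z][a-z0-9+.-]*://[^:/@\s]+:)(?P<pw>[^@\s]+)@", re.I)
# key=value / key: value pairs inside free text such as log messages.
_KV_CRED = re.compile(r"(?P<prefix>\b(?:password|passwd|secret|token|api[_-]?key)\b\s*[=:]\s*)"
                      r"(?P<val>[^\s,;\"']+)", re.I)


def is_secret_key(name: str) -> bool:
    return re.sub(r"[_-]", "", name).lower() in SECRET_KEYS


def redact(value):
    """Copy of value with secret-bearing keys, URL passwords and key=value secrets masked."""
    if isinstance(value, dict):
        return {k: (REDACTED if is_secret_key(k) else redact(v)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        value = _URL_CRED.sub(lambda m: f"{m['prefix']}{REDACTED}@", value)
        return _KV_CRED.sub(lambda m: f"{m['prefix']}{REDACTED}", value)
    return value


# Vulnerable: the whole config, secrets included, is serialised verbatim and sent to a
# less trusted sphere (renderer process, API snapshot, revision table, log file).
def export_config_cleartext(cfg: dict) -> str:
    return json.dumps(cfg, sort_keys=True)


# Hardened (1): anything that crosses the boundary goes through redact() first.
def export_config_redacted(cfg: dict) -> str:
    return json.dumps(redact(cfg), sort_keys=True)


# Hardened (2): the file on disk holds a reference, not the value; resolution happens in
# memory at use time. Only "env:VAR" is supported here (assumed scheme); a real deployment
# would point at a keyring or KMS entry instead.
def resolve_secret(ref: str, environ=None) -> str:
    environ = os.environ if environ is None else environ
    if ref.startswith("env:"):
        try:
            return environ[ref[4:]]
        except KeyError as exc:
            raise LookupError(f"secret reference {ref!r} is not set") from exc
    raise ValueError(f"unsupported secret reference: {ref!r}")


class RedactingFilter(logging.Filter):
    """Mask secrets before a record reaches any handler (the log-file pattern in the table)."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class _ListHandler(logging.Handler):
    def __init__(self, sink):
        super().__init__()
        self.sink = sink

    def emit(self, record):
        self.sink.append(record.getMessage())


def render_log_line(msg: str) -> str:
    """Send one message through a logger fitted with RedactingFilter; return what was written."""
    logger = logging.getLogger("cwe312.example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    sink = []
    handler = _ListHandler(sink)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    logger.debug(msg)
    return sink[0]


def leaks(text: str, secrets) -> bool:
    """Regression check: does any known secret value appear verbatim in text?"""
    return any(s in text for s in secrets)


# Constructed sample config and the secret values it contains (not real credentials).
SAMPLE_CFG = {
    "db": {"host": "db.internal", "user": "app", "password": "hunter2-constructed"},
    "channel": {"baseUrl": "https://svc:tok3n-constructed@relay.example/v1"},
    "nostr": {"private_key": "nsec-constructed-0000"},
    "log_level": "debug",
}
SAMPLE_SECRETS = ["hunter2-constructed", "tok3n-constructed", "nsec-constructed-0000"]

if __name__ == "__main__":
    print(export_config_redacted(SAMPLE_CFG))
    print(render_log_line("auth ok for https://svc:tok3n-constructed@relay.example/v1 "
                          "password=hunter2-constructed"))
```

The `leaks()` check is the part worth keeping in a test suite: feed every known secret value through each export path, log formatter and snapshot endpoint and fail the build if any of them comes back verbatim. Redaction by key name alone misses the URL-embedded and free-text cases, which is why the string branch of `redact()` runs both regexes; a filter installed on the handler rather than on one logger catches records from third-party libraries as well.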