VYPR

CWE-319

Cleartext Transmission of Sensitive Information

Abstraction: Base · Status: Draft · Likelihood of exploit: High

Description

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
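As an added illustration of the weakness described above (example code written for this page, not code from any product or advisory listed here): what an on-path observer recovers from a cleartext HTTP stream, beside the client-side guard that refuses to send credentials to a non-TLS origin. The two captured requests, the host 192.0.2.10, the paths and the credentials in them are all constructed for the example.

```python
"""Added example (not from the page or any listed product): recover secrets
from a cleartext HTTP stream the way an on-path observer would, and guard
the sending side so credentials never leave over a non-TLS origin."""
import base64
from urllib.parse import parse_qs, urlsplit

# Constructed capture: two requests to a management UI on port 80, exactly
# as they appear on the wire without TLS. Host, paths and credentials are
# made up for this example.
CAPTURE = (
    b"GET /admin/status HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM=\r\n"   # admin:password123
    b"Cookie: SESSIONID=3f2a9c7e1b\r\n"
    b"\r\n"
    b"POST /login.cgi HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 38\r\n"
    b"\r\n"
    b"username=operator&password=Summer2024!"
)

# Form fields whose values are credentials or bearer material.
SECRET_FIELDS = {"password", "passwd", "pass", "pwd", "token", "secret"}


def split_requests(capture: bytes) -> list[tuple[str, dict, bytes]]:
    """Split a raw request stream into (request line, headers, body) triples,
    delimiting bodies by Content-Length as a sniffer reassembling TCP would."""
    requests = []
    pos = 0
    while pos < len(capture):
        end = capture.index(b"\r\n\r\n", pos)
        lines = capture[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = end + 4
        body_len = int(headers.get("content-length", 0))
        requests.append((lines[0], headers, capture[body_start:body_start + body_len]))
        pos = body_start + body_len
    return requests


def find_cleartext_secrets(capture: bytes) -> list[dict]:
    """Return every credential or session token visible in the cleartext stream.
    Basic auth is only base64, so it is decoded outright; cookies and form
    passwords are reported as-is (a hashed password field is still replayable)."""
    findings = []
    for request_line, headers, body in split_requests(capture):
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            user, _, secret = base64.b64decode(auth[6:]).decode("latin-1").partition(":")
            findings.append({"kind": "basic-auth", "where": request_line,
                             "user": user, "secret": secret})
        if "cookie" in headers:
            findings.append({"kind": "session-cookie", "where": request_line,
                             "secret": headers["cookie"]})
        if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            for field, values in parse_qs(body.decode("latin-1")).items():
                if field.lower() in SECRET_FIELDS:
                    findings.append({"kind": "form-field", "where": request_line,
                                     "field": field, "secret": values[0]})
    return findings


def sends_in_clear(url: str) -> bool:
    """True if a request to this URL would carry its payload without TLS."""
    return urlsplit(url).scheme.lower() != "https"


def require_tls(url: str) -> str:
    """Hardened client side: refuse to transmit credentials over a cleartext
    scheme. Pair with certificate verification left at its default (on); TLS
    without verification still loses to the same on-path attacker."""
    if sends_in_clear(url):
        raise ValueError(f"refusing to send credentials in cleartext to {url}")
    return url


if __name__ == "__main__":
    for finding in find_cleartext_secrets(CAPTURE):
        print(finding)
    print(require_tls("https://192.0.2.10/login.cgi"))
    try:
        require_tls("http://192.0.2.10/login.cgi")
    except ValueError as exc:
        print(exc)
```

Two caveats worth keeping in mind when reading the list below. First, hashing the password before sending it (as in CVE-2017-15999) does not remove the weakness: the detector above reports the field either way, because whatever the server accepts as proof can be replayed. Second, a scheme check on the client only helps when the server actually serves TLS; several entries below (MikroTik WebFig, Crestron Automate VX, Echelon SmartServer) are products whose management interface is reachable over plain HTTP by default, where the fix has to be on the device side.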

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65

CVEs mapped to this weakness (302)

page 1 of 16
  • CVE-2016-5649 · Critical · Jul 24, 2018
    risk 0.66 · CVSS 9.8 · EPSS 0.27

    A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin…

  • CVE-2025-61481 · Critical · Oct 27, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.00

    An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.

  • CVE-2025-4378 · Critical · Jun 24, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.00

    Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

  • CVE-2025-47419 · Critical · May 6, 2025
    risk 0.65 · CVSS not listed · EPSS 0.00

    Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate…

  • CVE-2018-1297 · Critical · Feb 13, 2018
    risk 0.65 · CVSS 9.8 · EPSS 0.10

    When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

  • CVE-2015-0987 · Critical · Oct 6, 2015
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

  • CVE-2026-48902 · Critical · May 26, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

  • CVE-2025-56447 · Critical · Oct 22, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.

  • CVE-2018-11749 · Critical · Aug 24, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It…

  • CVE-2018-8855 · Critical · Jul 24, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.

  • CVE-2018-7246 · Critical · Apr 18, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to…

  • CVE-2018-6295 · Critical · Mar 13, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Hanwha Techwin Smartcams use unencrypted channels for remote control and communications.

  • CVE-2018-7259 · Critical · Feb 20, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by…

  • CVE-2017-15999 · Critical · Oct 29, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it…

  • CVE-2017-5259 · High · Dec 20, 2017
    risk 0.63 · CVSS 8.8 · EPSS 0.39

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp.

  • CVE-2025-7743 · Critical · Sep 16, 2025
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.

  • CVE-2024-30209 · Critical · May 14, 2024
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2018-12710 · High · Aug 29, 2018
    risk 0.61 · CVSS 8.0 · EPSS 0.77

    An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being…

  • CVE-2024-9834 · Critical · Nov 14, 2024
    risk 0.60 · CVSS 9.3 · EPSS 0.00

    Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.

  • CVE-2024-12378 · Critical · May 8, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.