CWE-319
Cleartext Transmission of Sensitive Information
Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65
CVEs mapped to this weakness (302)
page 1 of 16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5649 | Cri | 0.66 | 9.8 | 0.27 | Jul 24, 2018 | A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin… | ||
| CVE-2025-61481 | Cri | 0.65 | 10.0 | 0.00 | Oct 27, 2025 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials. | ||
| CVE-2025-4378 | Cri | 0.65 | 10.0 | 0.00 | Jun 24, 2025 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025. | ||
| CVE-2025-47419 | Cri | 0.65 | — | 0.00 | May 6, 2025 | Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate… | ||
| CVE-2018-1297 | — | Cri | 0.65 | 9.8 | 0.10 | Feb 13, 2018 | When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. | |
| CVE-2015-0987 | Cri | 0.65 | 10.0 | 0.01 | Oct 6, 2015 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | ||
| CVE-2026-48902 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | ||
| CVE-2025-56447 | Cri | 0.64 | 9.8 | 0.00 | Oct 22, 2025 | TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. | ||
| CVE-2018-11749 | Cri | 0.64 | 9.8 | 0.01 | Aug 24, 2018 | When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It… | ||
| CVE-2018-8855 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2018 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. | ||
| CVE-2018-7246 | Cri | 0.64 | 9.8 | 0.01 | Apr 18, 2018 | A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to… | ||
| CVE-2018-6295 | Cri | 0.64 | 9.8 | 0.01 | Mar 13, 2018 | Unencrypted way of remote control and communications in Hanwha Techwin Smartcams | ||
| CVE-2018-7259 | Cri | 0.64 | 9.8 | 0.01 | Feb 20, 2018 | The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by… | ||
| CVE-2017-15999 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2017 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it… | ||
| CVE-2017-5259 | Hig | 0.63 | 8.8 | 0.39 | Dec 20, 2017 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp. | ||
| CVE-2025-7743 | Cri | 0.62 | 9.6 | 0.00 | Sep 16, 2025 | Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025. | ||
| CVE-2024-30209 | Cri | 0.62 | 9.6 | 0.00 | May 14, 2024 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating… | ||
| CVE-2018-12710 | Hig | 0.61 | 8.0 | 0.77 | Aug 29, 2018 | An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being… | ||
| CVE-2024-9834 | — | Cri | 0.60 | 9.3 | 0.00 | Nov 14, 2024 | Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | |
| CVE-2024-12378 | Cri | 0.59 | 9.1 | 0.00 | May 8, 2025 | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. |
- risk 0.66cvss 9.8epss 0.27
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin…
- risk 0.65cvss 10.0epss 0.00
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.
- risk 0.65cvss 10.0epss 0.00
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.
- risk 0.65cvss —epss 0.00
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate…
- risk 0.65cvss 9.8epss 0.10
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
- risk 0.65cvss 10.0epss 0.01
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
- risk 0.64cvss 9.8epss 0.00
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
- risk 0.64cvss 9.8epss 0.00
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
- risk 0.64cvss 9.8epss 0.01
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It…
- risk 0.64cvss 9.8epss 0.01
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.
- risk 0.64cvss 9.8epss 0.01
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to…
- risk 0.64cvss 9.8epss 0.01
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
- risk 0.64cvss 9.8epss 0.01
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by…
- risk 0.64cvss 9.8epss 0.01
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it…
- risk 0.63cvss 8.8epss 0.39
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp.
- risk 0.62cvss 9.6epss 0.00
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
- risk 0.62cvss 9.6epss 0.00
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…
- risk 0.61cvss 8.0epss 0.77
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being…
- risk 0.60cvss 9.3epss 0.00
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
- risk 0.59cvss 9.1epss 0.00
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.