CWE-319

Cleartext Transmission of Sensitive Information

Base · Draft · Likelihood: High

Description

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65

CVEs mapped to this weakness (302)

  • CVE-2025-2311 · Critical · Mar 20, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information…

  • CVE-2024-46505 · Critical · Jan 9, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.

  • CVE-2022-39269 · Critical · Oct 6, 2022
    risk 0.59 · cvss 9.1 · epss 0.01

    PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts…

  • CVE-2018-5402 · Critical · Oct 8, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker once authenticated can change configurations, upload new configuration files, and…

  • CVE-2018-5401 · Critical · Oct 8, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…

  • CVE-2018-6018 · Critical · Jan 24, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.

  • CVE-2018-6017 · Critical · Jan 24, 2018
    risk 0.59 · cvss 9.1 · epss 0.01

    Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.

  • CVE-2026-45432 · High · Jun 4, 2026
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information,…

  • CVE-2026-42514 · High · Apr 29, 2026
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to…

  • CVE-2026-22080 · High · Jan 9, 2026
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could…

  • CVE-2026-22079 · High · Jan 9, 2026
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on…

  • CVE-2026-22544 · High · Jan 7, 2026
    risk 0.57 · cvss · epss 0.00

    An attacker with a network connection could detect credentials in clear text.

  • CVE-2025-50110 · High · Sep 15, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query…

  • CVE-2025-52351 · High · Aug 21, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in…

  • CVE-2025-53756 · High · Jul 16, 2025
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful…

  • CVE-2025-42603 · High · Apr 23, 2025
    risk 0.57 · cvss · epss 0.00

    This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted…

  • CVE-2025-0631 · High · Jan 28, 2025
    risk 0.57 · cvss · epss 0.00

    A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.

  • CVE-2024-47789 · High · Oct 4, 2024
    risk 0.57 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this…

  • CVE-2018-8842 · High · Sep 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which…

  • CVE-2018-11050 · High · Aug 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote…