CWE-319
Cleartext Transmission of Sensitive Information
Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65
CVEs mapped to this weakness (302)
page 2 of 16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2311 | Cri | 0.59 | 9.0 | 0.00 | Mar 20, 2025 | Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information… | ||
| CVE-2024-46505 | Cri | 0.59 | 9.1 | 0.00 | Jan 9, 2025 | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||
| CVE-2022-39269 | Cri | 0.59 | 9.1 | 0.01 | Oct 6, 2022 | PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts… | ||
| CVE-2018-5402 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and… | ||
| CVE-2018-5401 | Cri | 0.59 | 9.1 | 0.01 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus… | ||
| CVE-2018-6018 | Cri | 0.59 | 9.1 | 0.01 | Jan 24, 2018 | Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | ||
| CVE-2018-6017 | Cri | 0.59 | 9.1 | 0.01 | Jan 24, 2018 | Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | ||
| CVE-2026-45432 | Hig | 0.57 | — | 0.00 | Jun 4, 2026 | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information,… | ||
| CVE-2026-42514 | — | Hig | 0.57 | — | 0.00 | Apr 29, 2026 | This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to… | |
| CVE-2026-22080 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could… | ||
| CVE-2026-22079 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on… | ||
| CVE-2026-22544 | — | Hig | 0.57 | — | 0.00 | Jan 7, 2026 | An attacker with a network connection could detect credentials in clear text. | |
| CVE-2025-50110 | Hig | 0.57 | 8.8 | 0.00 | Sep 15, 2025 | An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query… | ||
| CVE-2025-52351 | Hig | 0.57 | 8.8 | 0.00 | Aug 21, 2025 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in… | ||
| CVE-2025-53756 | Hig | 0.57 | — | 0.00 | Jul 16, 2025 | This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful… | ||
| CVE-2025-42603 | — | Hig | 0.57 | — | 0.00 | Apr 23, 2025 | This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted… | |
| CVE-2025-0631 | — | Hig | 0.57 | — | 0.00 | Jan 28, 2025 | A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text. | |
| CVE-2024-47789 | Hig | 0.57 | — | 0.00 | Oct 4, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this… | ||
| CVE-2018-8842 | Hig | 0.57 | 8.8 | 0.01 | Sep 26, 2018 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which… | ||
| CVE-2018-11050 | Hig | 0.57 | 8.8 | 0.01 | Aug 1, 2018 | Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote… |
- risk 0.59cvss 9.0epss 0.00
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information…
- risk 0.59cvss 9.1epss 0.00
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
- risk 0.59cvss 9.1epss 0.01
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts…
- risk 0.59cvss 9.1epss 0.01
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and…
- risk 0.59cvss 9.1epss 0.01
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…
- risk 0.59cvss 9.1epss 0.01
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.
- risk 0.59cvss 9.1epss 0.01
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.
- risk 0.57cvss —epss 0.00
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information,…
- risk 0.57cvss —epss 0.00
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to…
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could…
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on…
- risk 0.57cvss —epss 0.00
An attacker with a network connection could detect credentials in clear text.
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query…
- risk 0.57cvss 8.8epss 0.00
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in…
- risk 0.57cvss —epss 0.00
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful…
- risk 0.57cvss —epss 0.00
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted…
- risk 0.57cvss —epss 0.00
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.
- risk 0.57cvss —epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this…
- risk 0.57cvss 8.8epss 0.01
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which…
- risk 0.57cvss 8.8epss 0.01
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote…