CWE-319
Cleartext Transmission of Sensitive Information
BaseDraftLikelihood: High
Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65
CVEs mapped to this weakness (155)
page 2 of 8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0631 | Hig | 0.57 | — | 0.00 | Jan 28, 2025 | A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text. | |
| CVE-2024-47789 | Hig | 0.57 | — | 0.00 | Oct 4, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2025-47698 | Hig | 0.56 | — | 0.00 | Sep 18, 2025 | An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure. | |
| CVE-2012-5562 | Hig | 0.56 | 8.6 | 0.01 | Dec 2, 2019 | A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties. | |
| CVE-2025-12508 | Hig | 0.55 | 8.4 | 0.00 | Oct 31, 2025 | When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality. | |
| CVE-2025-6180 | Hig | 0.55 | — | 0.00 | Aug 20, 2025 | The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition. | |
| CVE-2025-10174 | Hig | 0.54 | 8.3 | 0.00 | Feb 11, 2026 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | |
| CVE-2025-64389 | Hig | 0.54 | — | 0.00 | Oct 31, 2025 | The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. | |
| CVE-2024-1657 | Hig | 0.53 | 8.1 | 0.00 | Apr 25, 2024 | A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. | |
| CVE-2017-1694 | Hig | 0.53 | 8.1 | 0.00 | Dec 20, 2017 | IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | |
| CVE-2017-6432 | Hig | 0.53 | 8.1 | 0.00 | Mar 9, 2017 | An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. | |
| CVE-2025-54818 | Hig | 0.52 | 8.0 | 0.00 | Sep 18, 2025 | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device. | |
| CVE-2026-6276 | Hig | 0.49 | 7.5 | 0.00 | May 13, 2026 | Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them. | |
| CVE-2026-45180 | Hig | 0.49 | 7.5 | 0.00 | May 10, 2026 | Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens. | |
| CVE-2026-41275 | Hig | 0.49 | 7.5 | 0.00 | Apr 23, 2026 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s account. This vulnerability is fixed in 3.1.0. | |
| CVE-2026-31923 | Hig | 0.49 | 7.5 | 0.00 | Apr 14, 2026 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue. | |
| CVE-2026-5115 | Hig | 0.49 | 7.5 | 0.00 | Mar 31, 2026 | The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user. | |
| CVE-2026-24455 | Hig | 0.49 | 7.5 | 0.00 | Feb 20, 2026 | The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network. | |
| CVE-2020-36917 | Hig | 0.49 | 7.5 | 0.00 | Jan 6, 2026 | iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications. | |
| CVE-2020-36914 | Hig | 0.49 | 7.5 | 0.00 | Jan 6, 2026 | QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner. |