VYPR

CWE-319

Cleartext Transmission of Sensitive Information

BaseDraftLikelihood: High

Description

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65

CVEs mapped to this weakness (302)

page 5 of 16
  • CVE-2016-5638HigJul 24, 2018
    risk 0.49cvss 7.5epss 0.03

    There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or…

  • CVE-2018-4227HigJun 8, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

  • CVE-2017-12310HigMar 27, 2018
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional…

  • CVE-2017-14486HigDec 1, 2017
    risk 0.49cvss 7.5epss 0.01

    The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and…

  • CVE-2017-7133HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that…

  • CVE-2017-15290HigOct 12, 2017
    risk 0.49cvss 7.5epss 0.01

    Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.

  • CVE-2017-1000024HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

  • CVE-2017-5652HigJul 10, 2017
    risk 0.49cvss 7.5epss 0.01

    During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the…

  • CVE-2008-4122HigDec 19, 2008
    risk 0.49cvss 7.5epss 0.01

    Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

  • CVE-2008-4390HigDec 9, 2008
    risk 0.49cvss 7.5epss 0.03

    The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

  • CVE-2008-3289HigJul 24, 2008
    risk 0.49cvss 7.5epss 0.05

    EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

  • CVE-2008-0374HigJan 22, 2008
    risk 0.49cvss 7.5epss 0.02

    OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

  • CVE-2005-3140HigOct 5, 2005
    risk 0.49cvss 7.5epss 0.02

    Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.

  • CVE-2002-1949HigDec 31, 2002
    risk 0.49cvss 7.5epss 0.01

    The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.

  • CVE-2025-41708HigSep 8, 2025
    risk 0.48cvss 7.4epss 0.00

    Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.

  • CVE-2025-27720HigMay 8, 2025
    risk 0.48cvss 7.4epss 0.00

    The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.

  • CVE-2024-27166HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

  • CVE-2018-8929HigJul 6, 2018
    risk 0.48cvss 7.3epss 0.01

    Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.

  • CVE-2017-9035HigMay 26, 2017
    risk 0.48cvss 7.4epss 0.04

    Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.

  • CVE-2017-0925HigMar 21, 2018
    risk 0.47cvss 7.2epss 0.01

    Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.