CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
Page 10 of 29

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35467 | — | High | 0.42 | 7.5 | 0.00 | — | Apr 2, 2026 | The stored API keys in temporary browser client is not marked as protected allowing for JavaScript console or other errors to allow for extraction of the encryption credentials. |
| CVE-2025-15617 | — | Med | 0.42 | 6.5 | 0.00 | — | Mar 27, 2026 | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as… |
| CVE-2026-32606 | — | High | 0.42 | 7.6 | 0.00 | — | Mar 18, 2026 | IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any… |
| CVE-2025-12636 | — | Med | 0.42 | 6.5 | 0.00 | — | Nov 6, 2025 | The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of… |
| CVE-2025-24508 | — | Med | 0.42 | 6.4 | 0.00 | — | Jul 7, 2025 | Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage. |
| CVE-2024-39290 | — | Med | 0.42 | 6.5 | 0.00 | — | Nov 22, 2024 | Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book. |
| CVE-2024-26330 | — | Med | 0.42 | 6.5 | 0.01 | — | Jun 11, 2024 | An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it. |
| CVE-2024-36127 | — | High | 0.42 | 7.5 | 0.00 | — | Jun 3, 2024 | apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5. |
| CVE-2024-33849 | — | Med | 0.42 | 6.5 | 0.00 | — | May 28, 2024 | ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. |
| CVE-2024-22266 | — | Med | 0.42 | 6.5 | 0.00 | — | May 8, 2024 | VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. |
| CVE-2024-23551 | — | Med | 0.42 | 6.5 | 0.00 | — | May 7, 2024 | Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially… |
| CVE-2020-15791 | — | Med | 0.42 | 6.5 | 0.01 | — | Sep 9, 2020 | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The… |
| CVE-2018-18074 | — | High | 0.42 | 7.5 | 0.07 | — | Oct 9, 2018 | The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |
| CVE-2018-17871 | — | Med | 0.42 | 6.5 | 0.02 | — | Oct 4, 2018 | Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. |
| CVE-2015-7546 | — | High | 0.42 | 7.5 | 0.02 | — | Feb 3, 2016 | The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI… |
| CVE-2026-6517 | — | Med | 0.41 | 6.3 | 0.00 | — | Jun 15, 2026 | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users' credentials via… |
| CVE-2024-37362 | — | Med | 0.41 | 6.3 | 0.00 | — | Feb 20, 2025 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including… |
| CVE-2024-6749 | — | Med | 0.41 | 6.3 | 0.00 | — | Nov 26, 2024 | Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station Windows client. If Incident report is not being used with credentials configured this flaw does not apply.… |
| CVE-2024-33497 | — | Med | 0.41 | 6.3 | 0.00 | — | May 14, 2024 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating… |
| CVE-2024-33496 | — | Med | 0.41 | 6.3 | 0.00 | — | May 14, 2024 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating… |