CWE-522
Insufficiently Protected Credentials
Abstraction: Class · Status: Incomplete
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
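The "transmits" half of this weakness is easy to get wrong in a redirect-following HTTP client: the client has to decide which caller-supplied headers travel to the 3xx target, and forwarding Authorization across an origin change hands the credential to whoever controls that target (the LWP::UserAgent row in the table below is exactly this). The following is an added example, not code from MITRE's CWE entry or from any project on this page; it puts the leaky policy beside a hardened one that drops credential-bearing headers unless scheme, host and port all match. Header names, URLs and the `follow_chain` simulation are assumptions made for the demonstration.

```python
# Added example, not code from CWE or from any project listed on this page.
# Models the redirect-header decision a client makes on a 3xx response.
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
ALWAYS_STRIP = {"host", "cookie"}                       # never meaningful on the next hop
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}


def origin(url: str) -> tuple[str, str, int]:
    """(scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported or malformed URL: {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def redirect_headers_leaky(headers: dict, src: str, dst: str) -> dict:
    """The weak behaviour: strip only Host and Cookie; everything else,
    Authorization included, follows the redirect wherever it points."""
    return {k: v for k, v in headers.items() if k.lower() not in ALWAYS_STRIP}


def redirect_headers(headers: dict, src: str, dst: str) -> dict:
    """Hardened: additionally drop credential headers when the origin changes.
    A scheme downgrade (https -> http) or a port change counts as a change."""
    same_origin = origin(src) == origin(dst)
    kept = {}
    for name, value in headers.items():
        lower = name.lower()
        if lower in ALWAYS_STRIP:
            continue
        if lower in CREDENTIAL_HEADERS and not same_origin:
            continue
        kept[name] = value
    return kept


def follow_chain(headers: dict, chain: list[str], policy) -> dict[str, dict]:
    """Simulate a redirect chain (hypothetical URLs) and record the headers
    each hop would receive under the given policy."""
    received = {}
    for src, dst in zip(chain, chain[1:]):
        headers = policy(headers, src, dst)
        received[dst] = headers
    return received


if __name__ == "__main__":
    # Constructed request: a bearer token sent to the API, then bounced through
    # a CDN to a host the attacker controls.
    request = {"Host": "api.example.com", "Authorization": "Bearer t0k3n",
               "Proxy-Authorization": "Basic cHg=", "Cookie": "sid=1", "Accept": "*/*"}
    hops = ["https://api.example.com/v1/me", "https://cdn.example.net/login",
            "https://attacker.example/collect"]
    for label, policy in (("leaky", redirect_headers_leaky), ("hardened", redirect_headers)):
        final = follow_chain(request, hops, policy)[hops[-1]]
        print(f"{label:9} attacker receives: {sorted(final)}")
```

Mainstream clients already behave like the hardened policy: curl drops Authorization when the host changes unless `--location-trusted` is given, and Python requests strips it in `Session.rebuild_auth`. The check worth keeping in mind when reviewing a home-grown client is that "same origin" must compare scheme and port too, not just the hostname.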
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (204)
page 10 of 11
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42295 | Med | 0.25 | 4.9 | 0.00 |  | May 9, 2026 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operations. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5. |
| CVE-2025-62794 | Low | 0.25 | 3.8 | 0.00 |  | Oct 28, 2025 | GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" API. An attacker with read-only access to your home directory could have read this token and used it to perform actions with that token. Update to 0.0.7. |
| CVE-2025-52623 | Low | 0.24 | 3.7 | 0.00 |  | Feb 3, 2026 | HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0. |
| CVE-2024-11856 | Low | 0.24 | 3.7 | 0.00 |  | Dec 2, 2024 | A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. |
| CVE-2024-30119 | Low | 0.24 | 3.7 | 0.00 |  | Jun 14, 2024 | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security header. This could allow an attacker to intercept or manipulate data during redirection. |
| CVE-2026-7038 | Low | 0.21 | 3.3 | 0.00 |  | Apr 26, 2026 | A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. |
| CVE-2025-62312 | Low | 0.20 | 3.0 | 0.00 |  | May 14, 2026 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices. |
| CVE-2025-6526 | Low | 0.20 | 3.1 | 0.00 |  | Jun 23, 2025 | A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-62345 | Low | 0.18 | 2.7 | 0.00 |  | May 6, 2026 | HCL BigFix RunBookAI is affected by a Continued Availability of Less-Secure "Input Text" vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors. |
| CVE-2026-6408 | Low | 0.18 | 2.7 | 0.00 |  | Apr 22, 2026 | Tanium addressed an information disclosure vulnerability in Tanium Server. |
| CVE-2026-27316 | Low | 0.18 | 2.7 | 0.00 |  | Apr 14, 2026 | An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection. |
| CVE-2025-67860 | Low | 0.18 | 3.8 | 0.00 |  | Feb 25, 2026 | A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. |
| CVE-2025-0760 | Low | 0.18 | 2.7 | 0.00 |  | Feb 26, 2025 | A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. |
| CVE-2026-1966 | Low | 0.16 | — | 0.00 |  | Feb 5, 2026 | YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services. |
| CVE-2012-5627 |  | 0.03 | — | 0.04 |  | Oct 1, 2013 | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks. |
| CVE-2026-8368 |  | 0.00 | — | 0.00 |  | May 12, 2026 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes. A redirect to an attacker-controlled host therefore discloses the caller's credentials to that host. |
| CVE-2015-5955 |  | 0.00 | — | 0.00 |  | Oct 29, 2015 | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. |
| CVE-2015-3962 |  | 0.00 | — | 0.00 |  | Sep 18, 2015 | Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. |
| CVE-2014-0755 |  | 0.00 | — | 0.00 |  | Feb 5, 2014 | Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. |
| CVE-2013-4222 |  | 0.00 | — | 0.01 |  | Sep 30, 2013 | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. |
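Several rows above (Argo Workflows logging S3, GCS, Azure and Git credentials on every artifact operation; NeuVector passing credentials on the command line) are the "stores" half of the weakness in its most common form: the secret is never written to a vault, it is written to somewhere a lower-privileged reader can get at it. The right fix is to stop the secret reaching the log or argv at all; the following added example (not code from Argo Workflows, NeuVector or any other project on this page) shows the backstop a defender can bolt onto an existing service in the meantime: a `logging.Filter` that redacts credential-shaped material before any handler sees the record. The key names, patterns and sample log lines are constructed for the demonstration and are assumptions, not a complete catalogue of secret formats.

```python
# Added example, not code from any project listed on this page.
# A redaction filter that rewrites credential-bearing log records in place.
import io
import logging
import re

REDACTED = "[REDACTED]"

# Key names (assumed list) whose values are always secrets; matched in
# key=value, key: value and JSON "key": "value" forms, case-insensitively.
SECRET_KEYS = (r"(?:access[_-]?key(?:[_-]?id)?|secret(?:[_-]?key)?|password|passwd"
               r"|token|private[_-]?key|api[_-]?key)")
KV_PATTERN = re.compile(rf'(?i)("?{SECRET_KEYS}"?\s*[:=]\s*"?)([^"\s,}}]+)')
# Authorization: Bearer/Basic headers, user:password@ in URLs, and bare
# AWS-style access key ids (AKIA.../ASIA... followed by 16 characters).
AUTH_HEADER = re.compile(r"(?i)((?:proxy-)?authorization\s*:\s*(?:bearer|basic)\s+)\S+")
URL_USERINFO = re.compile(r"(?<=://)([^/:@\s]+):([^@\s]+)@")
AWS_AKID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")


def redact(text: str) -> str:
    """Return text with every recognised credential replaced by [REDACTED]."""
    text = AUTH_HEADER.sub(r"\1" + REDACTED, text)
    text = KV_PATTERN.sub(r"\1" + REDACTED, text)
    text = URL_USERINFO.sub(r"\1:" + REDACTED + "@", text)
    text = AWS_AKID.sub(REDACTED, text)
    return text


class CredentialRedactingFilter(logging.Filter):
    """Logger-level filter: runs before any handler, so file, stdout and
    shipped copies of the record all carry the redacted message."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()          # already interpolated; stop handlers re-formatting
        return True


def redact_lines(lines: list[str]) -> list[str]:
    """Push each line through a logger fitted with the filter and return
    exactly what a handler would have emitted."""
    stream = io.StringIO()
    logger = logging.getLogger("artifact-executor-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(CredentialRedactingFilter())
    for line in lines:
        logger.info("%s", line)
    logger.removeHandler(handler)
    return stream.getvalue().splitlines()


# Constructed sample lines in the style of an artifact executor; the keys and
# token are documentation placeholders, not real credentials.
SAMPLE_LINES = [
    'uploading artifact to s3: {"endpoint": "s3.example.internal", '
    '"access_key_id": "AKIAIOSFODNN7EXAMPLE", "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}',
    "git clone https://deploy:Sup3rS3cret@git.example.internal/repo.git",
    "request headers: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln",
    "gcs upload finished bucket=artifacts objects=12",
]

if __name__ == "__main__":
    for emitted in redact_lines(SAMPLE_LINES):
        print(emitted)
```

Two caveats a practitioner would want: a denylist like this only catches secrets whose shape it knows (the JWT above is caught because of the `Bearer` prefix, not because the filter understands JWTs), and the fourth sample line shows the trade-off, since any key containing `token` would be masked even when it is a harmless counter. It is a safety net for the Argo-style mistake, not a substitute for keeping credentials out of `print`, `log.Infof` and `argv` in the first place.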