CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 11 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41715 | Med | 0.40 | 6.1 | 0.00 | Jun 9, 2026 | In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty… | ||
| CVE-2025-15622 | Med | 0.40 | — | 0.00 | Apr 17, 2026 | Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the… | ||
| CVE-2025-64998 | Hig | 0.40 | 7.2 | 0.00 | Mar 24, 2026 | Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies. | ||
| CVE-2021-47759 | — | Med | 0.40 | 6.2 | 0.00 | Jan 15, 2026 | MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes,… | |
| CVE-2024-28325 | Med | 0.40 | 6.1 | 0.00 | Apr 26, 2024 | Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||
| CVE-2024-29216 | — | Med | 0.40 | 6.1 | 0.00 | Mar 25, 2024 | Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the… | |
| CVE-2018-1498 | Med | 0.40 | 6.2 | 0.00 | Oct 2, 2018 | IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. | ||
| CVE-2018-13390 | Med | 0.40 | 6.1 | 0.00 | Aug 10, 2018 | Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. | ||
| CVE-2026-53840 | Hig | 0.39 | 7.1 | 0.00 | Jun 16, 2026 | OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate… | ||
| CVE-2026-39968 | Hig | 0.39 | 7.1 | 0.00 | May 22, 2026 | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace… | ||
| CVE-2025-6571 | — | Med | 0.39 | 6.0 | 0.00 | Nov 11, 2025 | A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | |
| CVE-2025-46820 | Hig | 0.39 | 7.1 | 0.00 | May 6, 2025 | phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory,… | ||
| CVE-2026-45726 | hig | 0.38 | — | 0.00 | Jun 5, 2026 | ## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an… | ||
| CVE-2025-57806 | Med | 0.38 | — | 0.00 | Sep 3, 2025 | Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database… | ||
| CVE-2025-54876 | Med | 0.38 | — | 0.00 | Aug 6, 2025 | The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease. | ||
| CVE-2025-32963 | Med | 0.38 | — | 0.01 | Apr 22, 2025 | MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may… | ||
| CVE-2017-1411 | Med | 0.38 | 5.9 | 0.01 | Aug 6, 2018 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399. | ||
| CVE-2017-16718 | Med | 0.38 | 5.9 | 0.00 | Jun 27, 2018 | Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with… | ||
| CVE-2025-15621 | Med | 0.37 | — | 0.00 | Apr 16, 2026 | Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | ||
| CVE-2026-26049 | — | Med | 0.37 | 5.7 | 0.00 | Feb 20, 2026 | The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, … |
- risk 0.40cvss 6.1epss 0.00
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty…
- risk 0.40cvss —epss 0.00
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the…
- risk 0.40cvss 7.2epss 0.00
Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.
- risk 0.40cvss 6.2epss 0.00
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes,…
- risk 0.40cvss 6.1epss 0.00
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
- risk 0.40cvss 6.1epss 0.00
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the…
- risk 0.40cvss 6.2epss 0.00
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223.
- risk 0.40cvss 6.1epss 0.00
Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
- risk 0.39cvss 7.1epss 0.00
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate…
- risk 0.39cvss 7.1epss 0.00
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace…
- risk 0.39cvss 6.0epss 0.00
A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.
- risk 0.39cvss 7.1epss 0.00
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory,…
- risk 0.38cvss —epss 0.00
## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an…
- risk 0.38cvss —epss 0.00
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database…
- risk 0.38cvss —epss 0.00
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
- risk 0.38cvss —epss 0.01
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may…
- risk 0.38cvss 5.9epss 0.01
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.
- risk 0.38cvss 5.9epss 0.00
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with…
- risk 0.37cvss —epss 0.00
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication
- risk 0.37cvss 5.7epss 0.00
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, …