CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 12 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34062 | Med | 0.37 | — | 0.00 | Jul 1, 2025 | An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can… | ||
| CVE-2024-42012 | Med | 0.37 | 5.7 | 0.00 | Jan 22, 2025 | GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from… | ||
| CVE-2022-27774 | Med | 0.37 | 5.7 | 0.02 | Jun 2, 2022 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on… | ||
| CVE-2025-35941 | — | Med | 0.36 | 5.5 | 0.00 | Jun 11, 2025 | A password is exposed locally. | |
| CVE-2025-23040 | Med | 0.36 | 6.6 | 0.01 | Jan 15, 2025 | GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL.… | ||
| CVE-2024-54471 | Med | 0.36 | 5.5 | 0.00 | Dec 12, 2024 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials. | ||
| CVE-2024-47142 | Med | 0.36 | 5.5 | 0.00 | Nov 22, 2024 | AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations. | ||
| CVE-2020-10727 | Med | 0.36 | 5.5 | 0.01 | Jun 26, 2020 | A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use… | ||
| CVE-2018-11752 | Med | 0.36 | 5.5 | 0.00 | Oct 2, 2018 | Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release. | ||
| CVE-2017-1207 | Med | 0.36 | 5.5 | 0.00 | Jul 5, 2017 | IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. | ||
| CVE-2017-6694 | Med | 0.36 | 5.5 | 0.00 | Jun 13, 2017 | A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected… | ||
| CVE-2015-5013 | Med | 0.36 | 5.5 | 0.00 | Feb 8, 2017 | The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | ||
| CVE-2014-4806 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2014 | The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain… | ||
| CVE-2026-42951 | Med | 0.35 | 5.4 | 0.00 | May 29, 2026 | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. | ||
| CVE-2026-6345 | Med | 0.35 | 6.5 | 0.00 | May 18, 2026 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614 | ||
| CVE-2026-8368 | Med | 0.35 | 6.5 | 0.00 | May 12, 2026 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and… | ||
| CVE-2026-6446 | Med | 0.35 | 5.4 | 0.00 | May 2, 2026 | The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability… | ||
| CVE-2026-28909 | Med | 0.35 | 6.5 | 0.00 | Apr 30, 2026 | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3. | ||
| CVE-2025-37728 | Med | 0.35 | 5.4 | 0.00 | Oct 7, 2025 | Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which… | ||
| CVE-2017-8446 | Med | 0.35 | 5.3 | 0.01 | Aug 18, 2017 | The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly… |
- risk 0.37cvss —epss 0.00
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can…
- risk 0.37cvss 5.7epss 0.00
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from…
- risk 0.37cvss 5.7epss 0.02
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on…
- risk 0.36cvss 5.5epss 0.00
A password is exposed locally.
- risk 0.36cvss 6.6epss 0.01
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL.…
- risk 0.36cvss 5.5epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
- risk 0.36cvss 5.5epss 0.00
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.
- risk 0.36cvss 5.5epss 0.01
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use…
- risk 0.36cvss 5.5epss 0.00
Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release.
- risk 0.36cvss 5.5epss 0.00
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected…
- risk 0.36cvss 5.5epss 0.00
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
- risk 0.36cvss 5.5epss 0.00
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain…
- risk 0.35cvss 5.4epss 0.00
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
- risk 0.35cvss 6.5epss 0.00
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614
- risk 0.35cvss 6.5epss 0.00
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and…
- risk 0.35cvss 5.4epss 0.00
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability…
- risk 0.35cvss 6.5epss 0.00
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
- risk 0.35cvss 5.4epss 0.00
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which…
- risk 0.35cvss 5.3epss 0.01
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly…