VYPR

CWE-522

Insufficiently Protected Credentials

Class · Incomplete

Description

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653

CVEs mapped to this weakness (561)

page 13 of 29
  • CVE-2025-42897 · Med · Nov 11, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the…

  • CVE-2018-10622 · Med · Aug 10, 2018
    risk 0.34 · cvss 5.2 · epss 0.00

    Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.

  • CVE-2017-15272 · Med · Nov 15, 2017
    risk 0.34 · cvss 5.3 · epss 0.01

    The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data.…

  • CVE-2026-23927 · Med · May 6, 2026
    risk 0.33 · cvss · epss 0.00

    A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

  • CVE-2026-34262 · Med · Apr 14, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

  • CVE-2018-1075 · Med · Jun 12, 2018
    risk 0.33 · cvss 5.0 · epss 0.00

    ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the…

  • CVE-2024-47271 · Med · May 27, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.

  • CVE-2026-4819 · Med · Mar 31, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.

  • CVE-2026-0689 · Med · Mar 2, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface,…

  • CVE-2026-1223 · Med · Jan 20, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

  • CVE-2025-13164 · Med · Nov 17, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

  • CVE-2025-13163 · Med · Nov 17, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.

  • CVE-2018-5446 · Med · May 4, 2018
    risk 0.32 · cvss 4.9 · epss 0.00

    Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.

  • CVE-2026-6253 · Med · May 13, 2026
    risk 0.31 · cvss 5.9 · epss 0.01

    curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is set up to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no…

  • CVE-2025-31976 · Med · May 6, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application, which could allow an attacker to potentially misuse them if exfiltrated.

  • CVE-2025-61776 · Med · Oct 7, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP…

  • CVE-2025-5922 · Med · Jul 29, 2025
    risk 0.31 · cvss · epss 0.00

    Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform…

  • CVE-2024-47588 · Med · Nov 12, 2024
    risk 0.31 · cvss 4.7 · epss 0.00

    In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the…

  • CVE-2017-2665 · Med · Jul 6, 2018
    risk 0.31 · cvss 4.8 · epss 0.00

    The skyring-setup command creates a random password for the mongodb skyring database but writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user who has access to the system running the skyring service will be able to…

  • CVE-2026-28961 · Med · May 11, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.