CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 13 of 29

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-42897 | | Med | 0.34 | 5.3 | 0.00 | | Nov 11, 2025 | Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the… |
| CVE-2018-10622 | | Med | 0.34 | 5.2 | 0.00 | | Aug 10, 2018 | Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication. |
| CVE-2017-15272 | | Med | 0.34 | 5.3 | 0.01 | | Nov 15, 2017 | The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data.… |
| CVE-2026-23927 | | Med | 0.33 | — | 0.00 | | May 6, 2026 | A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session. |
| CVE-2026-34262 | | Med | 0.33 | 5.0 | 0.00 | | Apr 14, 2026 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer |
| CVE-2018-1075 | | Med | 0.33 | 5.0 | 0.00 | | Jun 12, 2018 | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the… |
| CVE-2024-47271 | | Med | 0.32 | 4.9 | 0.00 | | May 27, 2026 | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. |
| CVE-2026-4819 | | Med | 0.32 | 4.9 | 0.00 | | Mar 31, 2026 | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. |
| CVE-2026-0689 | | Med | 0.32 | 4.9 | 0.00 | | Mar 2, 2026 | In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface,… |
| CVE-2026-1223 | | Med | 0.32 | 4.9 | 0.00 | | Jan 20, 2026 | PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend. |
| CVE-2025-13164 | | Med | 0.32 | 4.9 | 0.00 | | Nov 17, 2025 | EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend. |
| CVE-2025-13163 | | Med | 0.32 | 4.9 | 0.00 | | Nov 17, 2025 | EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend. |
| CVE-2018-5446 | | Med | 0.32 | 4.9 | 0.00 | | May 4, 2018 | Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. |
| CVE-2026-6253 | | Med | 0.31 | 5.9 | 0.01 | | May 13, 2026 | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no… |
| CVE-2025-31976 | | Med | 0.31 | 4.8 | 0.00 | | May 6, 2026 | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. |
| CVE-2025-61776 | | Med | 0.31 | 4.7 | 0.00 | | Oct 7, 2025 | Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP… |
| CVE-2025-5922 | | Med | 0.31 | — | 0.00 | | Jul 29, 2025 | Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform… |
| CVE-2024-47588 | | Med | 0.31 | 4.7 | 0.00 | | Nov 12, 2024 | In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the… |
| CVE-2017-2665 | | Med | 0.31 | 4.8 | 0.00 | | Jul 6, 2018 | The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to… |
| CVE-2026-28961 | — | Med | 0.30 | 4.6 | 0.00 | | May 11, 2026 | This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information. |