CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 2 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17969 | Cri | 0.64 | 9.8 | 0.01 | Oct 3, 2018 | Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | ||
| CVE-2018-17613 | Cri | 0.64 | 9.8 | 0.02 | Sep 28, 2018 | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | ||
| CVE-2018-16669 | Cri | 0.64 | 9.8 | 0.02 | Sep 18, 2018 | An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the… | ||
| CVE-2017-16714 | Cri | 0.64 | 9.8 | 0.02 | Sep 6, 2018 | In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | ||
| CVE-2018-8851 | Cri | 0.64 | 9.8 | 0.01 | Jul 24, 2018 | Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer… | ||
| CVE-2018-7510 | Cri | 0.64 | 9.8 | 0.01 | Jun 6, 2018 | In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. | ||
| CVE-2017-7933 | Cri | 0.64 | 9.8 | 0.02 | Jun 6, 2018 | In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | ||
| CVE-2018-11544 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | ||
| CVE-2018-7518 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2018 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. | ||
| CVE-2018-10024 | Cri | 0.64 | 9.8 | 0.01 | Apr 11, 2018 | ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). | ||
| CVE-2018-9031 | Cri | 0.64 | 9.8 | 0.02 | Mar 29, 2018 | The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. | ||
| CVE-2017-11510 | Cri | 0.64 | 9.8 | 0.02 | Mar 28, 2018 | An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. | ||
| CVE-2017-1000245 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2017 | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. | ||
| CVE-2017-13771 | Cri | 0.64 | 9.8 | 0.03 | Sep 7, 2017 | Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)… | ||
| CVE-2017-4923 | Cri | 0.64 | 9.8 | 0.02 | Aug 1, 2017 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | ||
| CVE-2017-6532 | Cri | 0.64 | 9.8 | 0.01 | Jul 20, 2017 | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | ||
| CVE-2017-11349 | Cri | 0.64 | 9.8 | 0.02 | Jul 17, 2017 | dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | ||
| CVE-2017-6709 | Cri | 0.64 | 9.8 | 0.01 | Jul 6, 2017 | A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability… | ||
| CVE-2017-7315 | Cri | 0.64 | 9.8 | 0.02 | Jul 4, 2017 | An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | ||
| CVE-2017-7905 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2017 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware… |
- risk 0.64cvss 9.8epss 0.01
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
- risk 0.64cvss 9.8epss 0.02
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the…
- risk 0.64cvss 9.8epss 0.02
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
- risk 0.64cvss 9.8epss 0.01
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer…
- risk 0.64cvss 9.8epss 0.01
In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.
- risk 0.64cvss 9.8epss 0.02
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
- risk 0.64cvss 9.8epss 0.02
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
- risk 0.64cvss 9.8epss 0.01
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.
- risk 0.64cvss 9.8epss 0.01
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
- risk 0.64cvss 9.8epss 0.02
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side.
- risk 0.64cvss 9.8epss 0.02
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.
- risk 0.64cvss 9.8epss 0.01
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
- risk 0.64cvss 9.8epss 0.03
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)…
- risk 0.64cvss 9.8epss 0.02
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
- risk 0.64cvss 9.8epss 0.01
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
- risk 0.64cvss 9.8epss 0.02
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.
- risk 0.64cvss 9.8epss 0.01
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.
- risk 0.64cvss 9.8epss 0.01
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware…