VYPR

CWE-522

Insufficiently Protected Credentials

ClassIncomplete

Description

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653

CVEs mapped to this weakness (561)

page 3 of 29
  • CVE-2017-6028CriJun 30, 2017
    risk 0.64cvss 9.8epss 0.02

    An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing.…

  • CVE-2017-7913CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.01

    A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell…

  • CVE-2017-5140CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.

  • CVE-2017-5139CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.

  • CVE-2005-3435CriNov 2, 2005
    risk 0.64cvss 9.8epss 0.02

    admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.

  • CVE-2024-5176CriMay 31, 2024
    risk 0.61cvss epss 0.00

    Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.

  • CVE-2018-10286HigApr 22, 2018
    risk 0.61cvss 8.8epss 0.07

    The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext,…

  • CVE-2025-22372CriApr 14, 2025
    risk 0.60cvss epss 0.00

    Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue…

  • CVE-2025-2311CriMar 20, 2025
    risk 0.59cvss 9.0epss 0.00

    Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information…

  • CVE-2025-25650CriMar 17, 2025
    risk 0.59cvss 9.1epss 0.01

    An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.

  • CVE-2019-17082CriNov 26, 2024
    risk 0.59cvss epss 0.00

    Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to…

  • CVE-2022-45157CriNov 13, 2024
    risk 0.59cvss 9.1epss 0.00

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being…

  • CVE-2026-42869CriMay 11, 2026
    risk 0.58cvss 10.0epss 0.00

    SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any…

  • CVE-2017-7547HigAug 16, 2017
    risk 0.58cvss 8.8epss 0.06

    PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

  • CVE-2026-46511HigJun 5, 2026
    risk 0.57cvss epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete…

  • CVE-2026-7313HigJun 2, 2026
    risk 0.57cvss 8.7epss 0.00

    CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active…

  • CVE-2026-43992CriMay 12, 2026
    risk 0.57cvss 9.8epss 0.00

    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was…

  • CVE-2026-32171HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-42933HigSep 9, 2025
    risk 0.57cvss 8.8epss 0.00

    When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and…

  • CVE-2025-41682HigSep 8, 2025
    risk 0.57cvss 8.8epss 0.00

    An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.