VYPR

CWE-522

Insufficiently Protected Credentials

ClassIncomplete

Description

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653

CVEs mapped to this weakness (561)

page 5 of 29
  • CVE-2017-6528HigMar 9, 2017
    risk 0.56cvss 8.1epss 0.03

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).

  • CVE-2025-2908HigMar 28, 2025
    risk 0.55cvss epss 0.00

    The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.

  • CVE-2024-43812HigOct 22, 2024
    risk 0.55cvss 8.4epss 0.00

    Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.

  • CVE-2024-28981HigSep 12, 2024
    risk 0.55cvss 8.5epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.

  • CVE-2024-38282HigJun 13, 2024
    risk 0.55cvss epss 0.00

    Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.

  • CVE-2017-5700HigOct 11, 2017
    risk 0.55cvss 8.4epss 0.00

    Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

  • CVE-1999-0013HigJan 22, 1998
    risk 0.55cvss 8.4epss 0.01

    Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

  • CVE-2026-40173CriApr 15, 2026
    risk 0.54cvss 9.4epss 0.01

    Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full…

  • CVE-2025-58366CriSep 5, 2025
    risk 0.54cvss epss 0.00

    Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username &…

  • CVE-2018-10814HigSep 14, 2018
    risk 0.54cvss 7.8epss 0.01

    Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.

  • CVE-2018-3609HigFeb 16, 2018
    risk 0.54cvss 8.1epss 0.22

    A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

  • CVE-2017-15918HigNov 1, 2017
    risk 0.54cvss 7.8epss 0.01

    Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

  • CVE-2026-39462HigApr 24, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the…

  • CVE-2026-34361CriMar 31, 2026
    risk 0.53cvss 9.3epss 0.00

    HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined…

  • CVE-2026-29872HigMar 30, 2026
    risk 0.53cvss 8.2epss 0.00

    A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using…

  • CVE-2024-23733HigJan 29, 2025
    risk 0.53cvss 7.5epss 0.02

    The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank…

  • CVE-2024-7755HigOct 17, 2024
    risk 0.53cvss 8.2epss 0.00

    The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.

  • CVE-2017-17691HigSep 7, 2018
    risk 0.53cvss 8.1epss 0.01

    Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.

  • CVE-2018-1139HigAug 22, 2018
    risk 0.53cvss 8.1epss 0.03

    A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

  • CVE-2018-11639HigJul 3, 2018
    risk 0.53cvss 8.1epss 0.01

    Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.