CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 5 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6528 | Hig | 0.56 | 8.1 | 0.03 | Mar 9, 2017 | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). | ||
| CVE-2025-2908 | Hig | 0.55 | — | 0.00 | Mar 28, 2025 | The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | ||
| CVE-2024-43812 | Hig | 0.55 | 8.4 | 0.00 | Oct 22, 2024 | Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system. | ||
| CVE-2024-28981 | Hig | 0.55 | 8.5 | 0.00 | Sep 12, 2024 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | ||
| CVE-2024-38282 | — | Hig | 0.55 | — | 0.00 | Jun 13, 2024 | Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. | |
| CVE-2017-5700 | Hig | 0.55 | 8.4 | 0.00 | Oct 11, 2017 | Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | ||
| CVE-1999-0013 | Hig | 0.55 | 8.4 | 0.01 | Jan 22, 1998 | Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ||
| CVE-2026-40173 | Cri | 0.54 | 9.4 | 0.01 | Apr 15, 2026 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full… | ||
| CVE-2025-58366 | Cri | 0.54 | — | 0.00 | Sep 5, 2025 | Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username &… | ||
| CVE-2018-10814 | Hig | 0.54 | 7.8 | 0.01 | Sep 14, 2018 | Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | ||
| CVE-2018-3609 | Hig | 0.54 | 8.1 | 0.22 | Feb 16, 2018 | A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | ||
| CVE-2017-15918 | Hig | 0.54 | 7.8 | 0.01 | Nov 1, 2017 | Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. | ||
| CVE-2026-39462 | Hig | 0.53 | 8.1 | 0.00 | Apr 24, 2026 | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the… | ||
| CVE-2026-34361 | Cri | 0.53 | 9.3 | 0.00 | Mar 31, 2026 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined… | ||
| CVE-2026-29872 | Hig | 0.53 | 8.2 | 0.00 | Mar 30, 2026 | A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using… | ||
| CVE-2024-23733 | Hig | 0.53 | 7.5 | 0.02 | Jan 29, 2025 | The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank… | ||
| CVE-2024-7755 | Hig | 0.53 | 8.2 | 0.00 | Oct 17, 2024 | The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. | ||
| CVE-2017-17691 | Hig | 0.53 | 8.1 | 0.01 | Sep 7, 2018 | Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | ||
| CVE-2018-1139 | Hig | 0.53 | 8.1 | 0.03 | Aug 22, 2018 | A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. | ||
| CVE-2018-11639 | Hig | 0.53 | 8.1 | 0.01 | Jul 3, 2018 | Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. |
- risk 0.56cvss 8.1epss 0.03
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
- risk 0.55cvss —epss 0.00
The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.
- risk 0.55cvss 8.4epss 0.00
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.
- risk 0.55cvss 8.5epss 0.00
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
- risk 0.55cvss —epss 0.00
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system.
- risk 0.55cvss 8.4epss 0.00
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
- risk 0.55cvss 8.4epss 0.01
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
- risk 0.54cvss 9.4epss 0.01
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full…
- risk 0.54cvss —epss 0.00
Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username &…
- risk 0.54cvss 7.8epss 0.01
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
- risk 0.54cvss 8.1epss 0.22
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
- risk 0.54cvss 7.8epss 0.01
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
- risk 0.53cvss 8.1epss 0.00
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the…
- risk 0.53cvss 9.3epss 0.00
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined…
- risk 0.53cvss 8.2epss 0.00
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using…
- risk 0.53cvss 7.5epss 0.02
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank…
- risk 0.53cvss 8.2epss 0.00
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.
- risk 0.53cvss 8.1epss 0.01
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.
- risk 0.53cvss 8.1epss 0.03
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
- risk 0.53cvss 8.1epss 0.01
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.