CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
Page 7 of 29

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-4170 | — | High | 0.51 | 7.8 | 0.00 | — | Apr 3, 2018 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. |
| CVE-2018-1377 | — | High | 0.51 | 7.8 | 0.00 | — | Feb 26, 2018 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 137778. |
| CVE-2018-0828 | — | High | 0.51 | 7.8 | 0.01 | — | Feb 15, 2018 | Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". |
| CVE-2017-1779 | — | High | 0.51 | 7.8 | 0.00 | — | Jan 29, 2018 | IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824. |
| CVE-2017-1000387 | — | High | 0.51 | 7.8 | 0.00 | — | Jan 26, 2018 | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file… |
| CVE-2017-1378 | — | High | 0.51 | 7.8 | 0.00 | — | Oct 5, 2017 | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to VMware vCenter in the application trace output, which could be obtained by a local user. IBM X-Force ID: 126875. |
| CVE-2017-1201 | — | High | 0.51 | 7.8 | 0.00 | — | Oct 5, 2017 | IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 123676. |
| CVE-2017-1362 | — | High | 0.51 | 7.8 | 0.00 | — | Sep 25, 2017 | IBM Security Identity Manager Adapters 6.0 and 7.0 store user credentials in clear text, which can be read by a local user. IBM X-Force ID: 126801. |
| CVE-2017-9552 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 13, 2017 | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME… |
| CVE-2026-21670 | — | High | 0.50 | 7.7 | 0.00 | — | Mar 12, 2026 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
| CVE-2018-1074 | — | High | 0.50 | 7.7 | 0.01 | — | Apr 26, 2018 | ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management… |
| CVE-2026-41266 | — | High | 0.49 | 7.5 | 0.00 | — | Apr 23, 2026 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the /api/v1/public-chatbotConfig/:id endpoint exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker… |
| CVE-2026-35185 | — | High | 0.49 | 7.5 | 0.00 | — | Apr 6, 2026 | HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration… |
| CVE-2021-47741 | — | High | 0.49 | 7.5 | 0.00 | — | Dec 31, 2025 | ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or… |
| CVE-2021-47726 | — | High | 0.49 | 7.5 | 0.00 | — | Dec 31, 2025 | NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a… |
| CVE-2025-40838 | — | High | 0.49 | 7.5 | 0.00 | — | Sep 25, 2025 | Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client, which if exploited can lead to unauthorized disclosure of certain information. |
| CVE-2024-12511 | — | High | 0.49 | 7.6 | 0.01 | — | Feb 3, 2025 | With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. |
| CVE-2024-38453 | — | High | 0.49 | 7.5 | 0.00 | — | Jul 3, 2024 | The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. |
| CVE-2024-27109 | — | High | 0.49 | 7.6 | 0.00 | — | May 14, 2024 | Insufficiently protected credentials in GE HealthCare EchoPAC products. |
| CVE-2024-0368 | — | High | 0.49 | 8.6 | 0.01 | — | Mar 13, 2024 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data… |