VYPR

CWE-522

Insufficiently Protected Credentials

Class · Incomplete

Description

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653

CVEs mapped to this weakness (561)

page 7 of 29
  • CVE-2018-4170 · High · Apr 3, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.

  • CVE-2018-1377 · High · Feb 26, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 137778.

  • CVE-2018-0828 · High · Feb 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".

  • CVE-2017-1779 · High · Jan 29, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.

  • CVE-2017-1000387 · High · Jan 26, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file…

  • CVE-2017-1378 · High · Oct 5, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

  • CVE-2017-1201 · High · Oct 5, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.

  • CVE-2017-1362 · High · Sep 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.

  • CVE-2017-9552 · High · Jun 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME…

  • CVE-2026-21670 · High · Mar 12, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability allowing a low-privileged user to extract saved SSH credentials.

  • CVE-2018-1074 · High · Apr 26, 2018
    risk 0.50 · cvss 7.7 · epss 0.01

    ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management…

  • CVE-2026-41266 · High · Apr 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker…

  • CVE-2026-35185 · High · Apr 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration…

  • CVE-2021-47741 · High · Dec 31, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or…

  • CVE-2021-47726 · High · Dec 31, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a…

  • CVE-2025-40838 · High · Sep 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.

  • CVE-2024-12511 · High · Feb 3, 2025
    risk 0.49 · cvss 7.6 · epss 0.01

    With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

  • CVE-2024-38453 · High · Jul 3, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024.

  • CVE-2024-27109 · High · May 14, 2024
    risk 0.49 · cvss 7.6 · epss 0.00

    Insufficiently protected credentials in GE HealthCare EchoPAC products

  • CVE-2024-0368 · High · Mar 13, 2024
    risk 0.49 · cvss 8.6 · epss 0.01

    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data…