CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
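The weakness is easiest to see in code. The following is an added example, not text or code from the CWE entry or from any of the products listed on this page. It puts the insecure pattern (keep the password as given, echo it into a log) beside a hardened one (keep only a salted PBKDF2-HMAC-SHA256 verifier, compare in constant time, never log the secret), and includes the check a reviewer would run: does the secret appear verbatim anywhere the store writes? All class and function names (InsecureStore, HardenedStore, secret_leaks, demo) and the sample user are hypothetical, constructed for this illustration.

```python
"""Added example for CWE-522: plaintext credential storage beside a hardened store.

Everything here (InsecureStore, HardenedStore, secret_leaks, demo and the
sample user) is constructed for illustration and is not the code of any
product named on this page.
"""
import hashlib
import hmac
import json
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_LEN = 16


class InsecureStore:
    """CWE-522 pattern: the password itself is stored and logged.

    Anyone who can read the serialized store (config file, database dump,
    APK resource) or the log recovers every user's credential directly.
    """

    def __init__(self):
        self.users = {}
        self.log = []

    def register(self, username, password):
        self.users[username] = {"password": password}
        # The log line reproduces the secret verbatim (cleartext history/log file).
        self.log.append(f"register user={username} password={password}")

    def verify(self, username, password):
        rec = self.users.get(username)
        return rec is not None and rec["password"] == password

    def export(self):
        return json.dumps(self.users)


class HardenedStore:
    """Stores only a per-user salt, the work factor and the derived verifier."""

    def __init__(self, iterations=PBKDF2_ITERATIONS):
        self.users = {}
        self.log = []
        self.iterations = iterations

    @staticmethod
    def _derive(password, salt, iterations):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)

    def register(self, username, password):
        salt = os.urandom(SALT_LEN)
        self.users[username] = {
            "salt": salt.hex(),
            "iterations": self.iterations,  # stored so it can be raised later per user
            "hash": self._derive(password, salt, self.iterations).hex(),
        }
        self.log.append(f"register user={username}")  # no secret reaches the log

    def verify(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            # Do the same work for unknown users so timing does not reveal which names exist.
            self._derive(password, b"\x00" * SALT_LEN, self.iterations)
            return False
        candidate = self._derive(password, bytes.fromhex(rec["salt"]), rec["iterations"])
        return hmac.compare_digest(candidate, bytes.fromhex(rec["hash"]))

    def export(self):
        return json.dumps(self.users)


def secret_leaks(store, password):
    """Reviewer's check: is the secret recoverable verbatim from what the store persists or logs?"""
    return password in store.export() or any(password in line for line in store.log)


def demo():
    secret = "correct horse battery staple"  # constructed sample credential
    weak = InsecureStore()
    weak.register("alice", secret)
    strong = HardenedStore(iterations=10_000)  # lowered from the default so the demo runs quickly
    strong.register("alice", secret)
    return {
        "weak_verifies": weak.verify("alice", secret),
        "weak_leaks": secret_leaks(weak, secret),
        "strong_verifies": strong.verify("alice", secret),
        "strong_rejects_wrong": strong.verify("alice", "wrong password"),
        "strong_rejects_unknown": strong.verify("bob", secret),
        "strong_leaks": secret_leaks(strong, secret),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Both stores accept the same logins; the difference is only visible in what survives on disk and in the log, which is exactly what `secret_leaks` probes. The same check applies to the transmission half of the definition: if a credential can be read back from a response body, a page source or a captured request, it is insufficiently protected regardless of how it is stored.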
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 8 of 29

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35067 | — | High | 0.49 | 7.5 | 0.00 | — | Jul 25, 2023 | Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701. |
| CVE-2018-13822 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 30, 2018 | Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. |
| CVE-2017-13998 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 5, 2017 | An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. |
| CVE-2017-6046 | — | High | 0.49 | 7.5 | 0.02 | — | Jun 30, 2017 | An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing,… |
| CVE-2017-7524 | — | High | 0.49 | 7.5 | 0.01 | — | Jun 27, 2017 | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting the password in plaintext from client to server when generating an HMAC. |
| CVE-2017-3214 | — | High | 0.49 | 7.5 | 0.01 | — | Jun 20, 2017 | The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. |
| CVE-2017-9557 | — | High | 0.49 | 7.5 | 0.02 | — | Jun 12, 2017 | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. |
| CVE-2017-9136 | — | High | 0.49 | 7.5 | 0.01 | — | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's… |
| CVE-2017-7486 | — | High | 0.49 | 7.5 | 0.06 | — | May 12, 2017 | PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. |
| CVE-2017-8296 | — | High | 0.49 | 7.5 | 0.01 | — | Apr 27, 2017 | kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The… |
| CVE-2025-61482 | — | High | 0.47 | 7.2 | 0.00 | — | Oct 27, 2025 | Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover… |
| CVE-2018-16987 | — | High | 0.47 | 7.2 | 0.01 | — | Sep 13, 2018 | Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. |
| CVE-2018-1000608 | — | High | 0.47 | 7.2 | 0.01 | — | Jun 26, 2018 | An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the… |
| CVE-2017-0925 | — | High | 0.47 | 7.2 | 0.01 | — | Mar 21, 2018 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint, resulting in an information disclosure of a plaintext password. |
| CVE-2017-14111 | — | High | 0.47 | 7.2 | 0.02 | — | Nov 17, 2017 | The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user… |
| CVE-2025-13477 | — | High | 0.46 | 7.1 | 0.00 | — | May 21, 2026 | Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted… |
| CVE-2026-35155 | — | High | 0.46 | 7.1 | 0.00 | — | Apr 29, 2026 | Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low-privileged attacker to gain elevated access. |
| CVE-2024-49364 | — | High | 0.46 | — | 0.00 | — | Jul 1, 2025 | tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer… |
| CVE-2025-1886 | — | High | 0.46 | — | 0.00 | — | Mar 7, 2025 | Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. |
| CVE-2024-38285 | — | High | 0.46 | — | 0.00 | — | Jun 13, 2024 | Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. |