CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 9 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10355 | Hig | 0.46 | 7.0 | 0.01 | May 23, 2018 | An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system… | ||
| CVE-2018-10327 | Hig | 0.46 | 7.0 | 0.00 | May 17, 2018 | PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | ||
| CVE-2017-1764 | Hig | 0.46 | 7.0 | 0.00 | Apr 23, 2018 | IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. | ||
| CVE-2025-12461 | Med | 0.45 | — | 0.00 | Oct 29, 2025 | This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the… | ||
| CVE-2025-10360 | Med | 0.45 | — | 0.00 | Sep 24, 2025 | In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license… | ||
| CVE-2025-6081 | Med | 0.44 | 6.8 | 0.00 | Jul 1, 2025 | Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target… | ||
| CVE-2024-51984 | Med | 0.44 | 6.8 | 0.01 | Jun 25, 2025 | An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled… | ||
| CVE-2024-44754 | Med | 0.44 | 6.8 | 0.00 | Feb 28, 2025 | Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB. | ||
| CVE-2017-5704 | Med | 0.44 | 6.7 | 0.00 | Jul 10, 2018 | Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. | ||
| CVE-2018-1000404 | — | Hig | 0.44 | 7.8 | 0.00 | Jul 9, 2018 | Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access.… | |
| CVE-2018-1000401 | — | Hig | 0.44 | 7.8 | 0.00 | Jul 9, 2018 | Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This… | |
| CVE-2018-12260 | Med | 0.44 | 6.7 | 0.00 | Jun 12, 2018 | An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices | ||
| CVE-2018-1000104 | — | Hig | 0.44 | 7.8 | 0.00 | Mar 13, 2018 | A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the… | |
| CVE-2017-9969 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2018 | An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | ||
| CVE-2017-8371 | Med | 0.44 | 6.8 | 0.01 | Apr 30, 2017 | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-9360 | Med | 0.44 | 6.7 | 0.00 | Feb 13, 2017 | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if… | ||
| CVE-2026-39908 | Med | 0.42 | 6.5 | 0.00 | Jun 8, 2026 | OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job… | ||
| CVE-2026-49379 | Med | 0.42 | 6.5 | 0.00 | May 29, 2026 | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names | ||
| CVE-2026-0393 | Med | 0.42 | 6.5 | 0.00 | May 21, 2026 | The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session. | ||
| CVE-2026-42367 | Med | 0.42 | 6.5 | 0.00 | May 4, 2026 | A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. |
- risk 0.46cvss 7.0epss 0.01
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system…
- risk 0.46cvss 7.0epss 0.00
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
- risk 0.46cvss 7.0epss 0.00
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
- risk 0.45cvss —epss 0.00
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the…
- risk 0.45cvss —epss 0.00
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license…
- risk 0.44cvss 6.8epss 0.00
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target…
- risk 0.44cvss 6.8epss 0.01
An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled…
- risk 0.44cvss 6.8epss 0.00
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB.
- risk 0.44cvss 6.7epss 0.00
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.
- risk 0.44cvss 7.8epss 0.00
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access.…
- risk 0.44cvss 7.8epss 0.00
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This…
- risk 0.44cvss 6.7epss 0.00
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices
- risk 0.44cvss 7.8epss 0.00
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the…
- risk 0.44cvss 6.7epss 0.00
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.
- risk 0.44cvss 6.8epss 0.01
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
- risk 0.44cvss 6.7epss 0.00
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if…
- risk 0.42cvss 6.5epss 0.00
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job…
- risk 0.42cvss 6.5epss 0.00
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
- risk 0.42cvss 6.5epss 0.00
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
- risk 0.42cvss 6.5epss 0.00
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.