CWE-523
Unprotected Transport of Credentials
Description
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-102
CVEs mapped to this weakness (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1509 | | Cri | 0.59 | 9.1 | 0.00 | | Feb 28, 2025 | Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping… |
| CVE-2017-16731 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 20, 2017 | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit… |
| CVE-2025-64309 | | Hig | 0.56 | 8.6 | 0.00 | | Nov 15, 2025 | Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques. |
| CVE-2025-64308 | | Hig | 0.49 | 7.5 | 0.00 | | Nov 15, 2025 | The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle. |
| CVE-2025-61121 | | Hig | 0.49 | 7.5 | 0.00 | | Oct 30, 2025 | Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized… |
| CVE-2024-4188 | | Hig | 0.46 | — | 0.00 | | Jul 30, 2024 | Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing. This issue affects Documentum™ Server: from 16.7 through 23.4. |
| CVE-2025-41705 | — | Med | 0.44 | 6.8 | 0.00 | | Oct 14, 2025 | An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend. |
| CVE-2026-54784 | | Hig | 0.38 | — | — | | Jun 19, 2026 | Impact: When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent… |
| CVE-2026-36610 | | Med | 0.38 | 5.9 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials. |
| CVE-2026-8673 | | Med | 0.38 | 5.9 | 0.00 | | May 22, 2026 | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. |
| CVE-2025-61916 | | | 0.00 | — | 0.00 | | Jan 5, 2026 | Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into… |
| CVE-2024-1102 | | | 0.00 | — | 0.01 | | Apr 25, 2024 | A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. |
| CVE-2023-28708 | | — | 0.00 | — | 0.02 | | Mar 22, 2023 | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did… |