Vulnerabilities (CVE)

Filtered by CWE-312
Total 577 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20162 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
CVE-2021-1865 1 Apple 2 Ipados, Iphone Os 2024-11-21 4.3 MEDIUM 5.0 MEDIUM
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.
CVE-2021-1265 1 Cisco 1 Dna Center 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.
CVE-2021-0337 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195
CVE-2020-9462 1 Homey 4 Homey, Homey Firmware, Homey Pro and 1 more 2024-11-21 3.3 LOW 4.3 MEDIUM
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
CVE-2020-9407 1 Iblsoft 1 Online Weather 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9045 2 Johnsoncontrols, Tyco 2 C-cure 9000 Firmware, Victor Video Management System 2024-11-21 4.0 MEDIUM 9.9 CRITICAL
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.
CVE-2020-8276 1 Brave 1 Brave 2024-11-21 2.1 LOW 5.5 MEDIUM
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
CVE-2020-8225 1 Nextcloud 1 Desktop 2024-11-21 5.0 MEDIUM 7.5 HIGH
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-7517 1 Schneider-electric 1 Easergy Builder 2024-11-21 2.1 LOW 5.5 MEDIUM
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
CVE-2020-7516 1 Schneider-electric 1 Easergy Builder 2024-11-21 2.1 LOW 7.8 HIGH
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
CVE-2020-7513 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.
CVE-2020-7213 1 Parallels 1 Parallels 2024-11-21 7.6 HIGH 7.5 HIGH
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.
CVE-2020-6980 1 Rockwellautomation 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more 2024-11-21 2.1 LOW 3.3 LOW
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
CVE-2020-6794 2 Canonical, Mozilla 2 Ubuntu Linux, Thunderbird 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.
CVE-2020-6648 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.0 MEDIUM 5.3 MEDIUM
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
CVE-2020-5899 1 F5 1 Nginx Controller 2024-11-21 4.6 MEDIUM 7.8 HIGH
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.
CVE-2020-5805 1 Marvell 1 Qconvergeconslole Gui 2024-11-21 9.0 HIGH 8.8 HIGH
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
CVE-2020-5723 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
CVE-2020-5018 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.