Vulnerabilities (CVE)

Filtered by CWE-312
Total 574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-17511 1 Apache 1 Airflow 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
CVE-2020-5805 1 Marvell 1 Qconvergeconslole Gui 2024-02-28 9.0 HIGH 8.8 HIGH
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
CVE-2020-35454 1 Taidii 1 Diibear 2024-02-28 2.1 LOW 6.8 MEDIUM
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
CVE-2021-27205 2 Apple, Telegram 2 Macos, Telegram 2024-02-28 2.1 LOW 5.5 MEDIUM
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
CVE-2021-27174 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.
CVE-2020-4604 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2024-02-28 2.1 LOW 4.4 MEDIUM
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
CVE-2020-29500 1 Dell 2 Emc Powerstore, Emc Powerstore Firmware 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2020-4619 1 Ibm 1 Data Risk Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
CVE-2021-27175 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.
CVE-2018-19941 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
CVE-2020-27613 1 Bigbluebutton 1 Bigbluebutton 2024-02-28 4.6 MEDIUM 8.4 HIGH
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
CVE-2021-26550 1 Smartfoxserver 1 Smartfoxserver 2024-02-28 2.1 LOW 5.5 MEDIUM
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
CVE-2020-28917 1 View Frontend Statistics Project 1 View Frontend Statistics 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.
CVE-2020-6648 1 Fortinet 2 Fortios, Fortiproxy 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
CVE-2021-27140 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.
CVE-2021-23827 4 Apple, Keybase, Microsoft and 1 more 4 Macos, Keybase, Windows and 1 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
CVE-2021-20408 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-02-28 2.1 LOW 5.5 MEDIUM
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
CVE-2021-27204 2 Apple, Telegram 2 Macos, Telegram 2024-02-28 2.1 LOW 5.5 MEDIUM
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
CVE-2020-8276 1 Brave 1 Brave 2024-02-28 2.1 LOW 5.5 MEDIUM
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
CVE-2020-13473 1 Nchsoftware 1 Express Accounts 2024-02-28 2.1 LOW 5.5 MEDIUM
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.