Vulnerabilities (CVE)

Filtered by CWE-312
Total 576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16638 1 Ruijie 2 Eg-2000se, Eg-2000se Firmware 2024-11-21 N/A 7.5 HIGH
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
CVE-2019-16062 1 Netsas 1 Enigma Network Management Solution 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data.
CVE-2019-15947 1 Bitcoin 1 Bitcoin Core 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
CVE-2019-15508 1 Octopus 2 Server, Tentacle 2024-11-21 3.5 LOW 6.5 MEDIUM
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.
CVE-2019-15507 1 Octopus 1 Server 2024-11-21 3.5 LOW 6.5 MEDIUM
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
CVE-2019-15023 1 Zingbox 1 Inspector 2024-11-21 5.0 MEDIUM 7.5 HIGH
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.
CVE-2019-14890 1 Redhat 1 Ansible Tower 2024-11-21 2.1 LOW 8.4 HIGH
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
CVE-2019-14886 1 Redhat 2 Decision Manager, Process Automation Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.
CVE-2019-14825 1 Theforeman 1 Katello 2024-11-21 4.0 MEDIUM 2.7 LOW
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
CVE-2019-13100 1 Send-anywhere 1 Send Anywhere 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml.
CVE-2019-13099 1 Momo Project 1 Momo 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat.
CVE-2019-13096 1 Tronlink 1 Wallet 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access.
CVE-2019-13021 1 Jetstream 1 Jetselect 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.
CVE-2019-12171 1 Dropbox 1 Dropbox 2024-11-21 4.3 MEDIUM 7.8 HIGH
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
CVE-2019-11966 1 Hp 1 Intelligent Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11384 1 Zalora 1 Zalora 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
CVE-2019-10682 1 Django-nopassword Project 1 Django-nopassword 2024-11-21 5.0 MEDIUM 7.5 HIGH
django-nopassword before 5.0.0 stores cleartext secrets in the database.
CVE-2019-10453 1 Jenkins 1 Delphix 2024-11-21 2.1 LOW 7.8 HIGH
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10452 1 Jenkins 1 View26 Test-reporting 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10451 1 Jenkins 1 Soasta Cloudtest 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.