Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | |||||
| CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | |||||
| CVE-2017-9654 | 1 Philips | 1 Dosewise | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-9637 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
| CVE-2017-9557 | 1 Echatserver | 1 Easy Chat Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | |||||
| CVE-2017-9248 | 2 Progress, Telerik | 2 Sitefinity, Ui For Asp.net Ajax | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | |||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | |||||
| CVE-2017-8837 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | |||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-8296 | 1 Ked Password Manager Project | 1 Ked Password Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext. | |||||
| CVE-2017-8225 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. | |||||
| CVE-2017-8222 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | |||||
| CVE-2017-7933 | 1 Abb | 2 Ip Gateway, Ip Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access. | |||||
| CVE-2017-7925 | 1 Dahuasecurity | 30 Ddh-hcvr4xxx, Dh-hcvr4xxx Firmware, Dh-hcvr5xxx and 27 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. | |||||
| CVE-2017-7913 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2017-7905 | 1 Ge | 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |||||
| CVE-2017-7524 | 1 Tpm2-tools Project | 1 Tpm2.0-tools | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | |||||
| CVE-2017-7315 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. | |||||
| CVE-2017-6709 | 1 Cisco | 1 Ultra Services Framework | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. | |||||
| CVE-2017-6694 | 1 Cisco | 1 Ultra Services Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. | |||||