Vulnerabilities (CVE)

Filtered by CWE-522
Total 1024 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6532 1 Televes 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
CVE-2017-6528 1 Dnatools 1 Dnalims 2024-11-21 4.3 MEDIUM 8.1 HIGH
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
CVE-2017-6028 1 Schneider-electric 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.
CVE-2017-5704 1 Intel 3 Core I3, Core I5, Core I7 2024-11-21 2.1 LOW 6.7 MEDIUM
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.
CVE-2017-5700 1 Intel 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more 2024-11-21 7.2 HIGH 8.4 HIGH
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
CVE-2017-5140 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
CVE-2017-5139 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
CVE-2017-4923 1 Vmware 1 Vcenter Server 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
CVE-2017-3760 1 Lenovo 1 Service Framework 2024-11-21 5.1 MEDIUM 8.1 HIGH
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVE-2017-3214 1 Milwaukeetool 1 One-key 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
CVE-2017-3192 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
CVE-2017-2751 1 Hp 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more 2024-11-21 2.1 LOW 4.6 MEDIUM
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
CVE-2017-2665 2 Mongodb, Redhat 2 Mongodb, Storage Console 2024-11-21 1.9 LOW 4.8 MEDIUM
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2017-1779 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 2.1 LOW 7.8 HIGH
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
CVE-2017-1764 1 Ibm 1 Cognos Business Intelligence 2024-11-21 1.9 LOW 7.0 HIGH
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
CVE-2017-1411 1 Ibm 1 Security Identity Governance And Intelligence 2024-11-21 5.0 MEDIUM 5.9 MEDIUM
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.
CVE-2017-1378 1 Ibm 1 Tivoli Storage Manager 2024-11-21 2.1 LOW 7.8 HIGH
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
CVE-2017-1362 1 Ibm 1 Security Identity Manager 2024-11-21 2.1 LOW 7.8 HIGH
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
CVE-2017-1337 1 Ibm 1 Websphere Mq 2024-11-21 4.3 MEDIUM 8.1 HIGH
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
CVE-2017-1231 1 Ibm 1 Bigfix Platform 2024-11-21 2.1 LOW 4.4 MEDIUM
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.