Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33928 | 1 Dell | 1 Wyse Management Suite | 2022-08-13 | N/A | 8.8 HIGH |
| Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2021-1126 | 1 Cisco | 1 Firepower Management Center | 2022-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. | |||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2022-07-14 | 2.1 LOW | 5.5 MEDIUM |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | |||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2021-32978 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. | |||||
| CVE-2021-43590 | 1 Dell | 1 Enterprise Storage Analytics | 2022-03-12 | 3.6 LOW | 6.0 MEDIUM |
| Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2022-01-28 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords. | |||||
| CVE-2019-10921 | 1 Siemens | 2 Logo\!8 Bm, Logo\!8 Bm Firmware | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known | |||||
| CVE-2020-5315 | 1 Dell | 1 Emc Repository Manager | 2021-08-02 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. | |||||
| CVE-2021-25358 | 1 Google | 1 Android | 2021-04-19 | 2.1 LOW | 3.3 LOW |
| A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. | |||||
| CVE-2020-26079 | 1 Cisco | 1 Iot Field Network Director | 2020-11-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. | |||||
| CVE-2020-3483 | 1 Cisco | 1 Duo Network Gateway | 2020-10-29 | 3.3 LOW | 6.3 MEDIUM |
| Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected. | |||||
| CVE-2020-1669 | 1 Juniper | 2 Junos, Nfx350 | 2020-10-27 | 2.1 LOW | 6.3 MEDIUM |
| The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. | |||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2018-7515 | 1 Omron | 1 Cx-supervisor | 2020-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets. | |||||
| CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2020-09-29 | 2.1 LOW | 7.8 HIGH |
| A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | |||||
| CVE-2020-10609 | 1 Grundfos | 1 Cim 500 | 2020-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. | |||||
| CVE-2020-5374 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2020-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. | |||||
| CVE-2019-19105 | 2 Abb, Busch-jaeger | 4 Tg\/s3.2, Tg\/s3.2 Firmware, 6186\/11 and 1 more | 2020-04-29 | 2.1 LOW | 5.5 MEDIUM |
| The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | |||||