Filtered by CWE-255
Filtered by vendor Subscriptions
Total 756 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1002 1 Netgear 1 Wgt624 2024-11-21 N/A
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
CVE-2005-4862 1 Xwiki 1 Xwiki 2024-11-21 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-2004-2777 1 Gehealthcare 1 Centricity Image Vault Firmware 2024-11-21 N/A
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2004-2723 1 Nessus 1 Nessuswx 2024-11-21 N/A
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2004-2722 1 Nessus 1 Nessus 2024-11-21 N/A
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue
CVE-2004-2708 1 Phrozensmoke 1 Gyach Enhanced 2024-11-21 N/A
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
CVE-2004-2696 1 Bea 1 Weblogic Server 2024-11-21 N/A
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVE-2004-2532 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
CVE-2004-1366 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2024-11-21 N/A
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
CVE-2003-1605 1 Haxx 1 Curl 2024-11-21 N/A
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
CVE-2003-1603 1 Gehealthcare 1 Discovery Vh 2024-11-21 N/A
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
CVE-2003-1588 1 Sun 1 Cluster 2024-11-21 N/A
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2003-1483 1 Flashfxp 1 Flashfxp 2024-11-21 N/A
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
CVE-2003-1482 1 Microsoft 1 Mn-500 Wireless Base Station 2024-11-21 N/A
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
CVE-2003-1439 1 Silc 1 Secure Internet Live Conferencing 2024-11-21 N/A
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVE-2003-1424 1 Petitforum 1 Petitforum 2024-11-21 N/A
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1417 1 Ncipher 1 Support Software 2024-11-21 N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-2003-1401 1 Php Board 1 Php Board 2024-11-21 N/A
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2003-1394 1 Coffeecup Software 1 Coffeecup Password Wizard 2024-11-21 N/A
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.