Filtered by CWE-522
Filtered by vendor Subscriptions
Total 1126 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-18074 4 Canonical, Opensuse, Python and 1 more 8 Ubuntu Linux, Leap, Requests and 5 more 2024-11-21 7.5 High
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVE-2018-17969 1 Samsung 2 Scx-6545x, Scx-6545x Firmware 2024-11-21 N/A
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
CVE-2018-17922 1 Circontrol 2 Circarlife, Circarlife Firmware 2024-11-21 N/A
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
CVE-2018-17900 1 Yokogawa 8 Fcj, Fcj Firmware, Fcn-100 and 5 more 2024-11-21 N/A
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
CVE-2018-17871 1 Verint 1 Verba Collaboration Compliance And Quality Management Platform 2024-11-21 6.5 Medium
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.
CVE-2018-17613 1 Telegram 1 Telegram Desktop 2024-11-21 N/A
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
CVE-2018-17500 1 Envoy 1 Passport 2024-11-21 N/A
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2018-17245 1 Elastic 1 Kibana 2024-11-21 N/A
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.
CVE-2018-16987 1 Squashtest 1 Squash Tm 2024-11-21 N/A
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.
CVE-2018-16984 1 Djangoproject 1 Django 2024-11-21 N/A
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
CVE-2018-16791 1 Solarwinds 1 Sftp\/scp Server 2024-11-21 N/A
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.
CVE-2018-16669 1 Circontrol 1 Open Charge Point Protocol 2024-11-21 N/A
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVE-2018-16223 1 Qbeecam 1 Qbeecam 2024-11-21 N/A
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
CVE-2018-16222 1 Ismartalarm 1 Ismartalarm 2024-11-21 N/A
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
CVE-2018-16153 1 Apereo 1 Opencast 2024-11-21 7.5 High
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
CVE-2018-15717 1 Opendental 1 Opendental 2024-11-21 N/A
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-14081 2 D-link, Dlink 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more 2024-11-21 N/A
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
CVE-2018-13822 1 Broadcom 1 Project Portfolio Management 2024-11-21 7.5 High
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
CVE-2018-13789 1 Descor 1 Infocad Fm 2024-11-21 N/A
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.
CVE-2018-13014 1 Safensoft 3 Enterprise Suite, Syswatch, Tpsecure 2024-11-21 N/A
Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.