Filtered by CWE-522
Filtered by vendor Subscriptions
Total 1126 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12383 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-11-21 N/A
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
CVE-2018-12260 1 Apollotechnologiesinc 2 Momentum Axel 720p, Momentum Axel 720p Firmware 2024-11-21 N/A
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices
CVE-2018-12038 1 Samsung 2 840 Evo, 840 Evo Firmware 2024-11-21 N/A
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.
CVE-2018-11752 1 Puppet 1 Cisco Ios 2024-11-21 5.5 Medium
Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release.
CVE-2018-11748 1 Puppet 1 Device Manager 2024-11-21 N/A
Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0.
CVE-2018-11746 1 Puppet 1 Discovery 2024-11-21 N/A
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
CVE-2018-11742 1 Nec 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware 2024-11-21 9.8 Critical
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
CVE-2018-11639 1 Dialogic 1 Powermedia Xms 2024-11-21 N/A
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.
CVE-2018-11634 1 Dialogic 1 Powermedia Xms 2024-11-21 N/A
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
CVE-2018-11544 1 Theolivetree 1 Ftp Server 2024-11-21 9.8 Critical
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
CVE-2018-11079 1 Emc 1 Secure Remote Services 2024-11-21 N/A
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
CVE-2018-11050 1 Dell 1 Emc Networker 2024-11-21 N/A
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.
CVE-2018-10824 1 Dlink 15 Dir-140l, Dir-140l Firmware, Dir-640l and 12 more 2024-11-21 9.8 Critical
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
CVE-2018-10814 1 Synametrics 1 Synaman 2024-11-21 N/A
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVE-2018-10622 1 Medtronic 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more 2024-11-21 N/A
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
CVE-2018-10355 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 N/A
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.
CVE-2018-10327 1 Printeron 1 Printeron 2024-11-21 N/A
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
CVE-2018-10286 1 Ericssonlg 1 Ipecs Nms 2024-11-21 N/A
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
CVE-2018-10024 1 Ubiquoss 2 Vp5208a, Vp5208a Firmware 2024-11-21 N/A
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
CVE-2018-1000851 1 Copay 1 Copay Bitcoin Wallet 2024-11-21 N/A
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .