Filtered by CWE-255
Filtered by vendor Subscriptions
Total 756 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2024-11-21 N/A
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2016-6093 1 Ibm 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager 2024-11-21 N/A
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2016-5950 1 Ibm 1 Kenexa Lcms Premier 2024-11-21 N/A
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
CVE-2016-5890 1 Ibm 1 Sterling B2b Integrator 2024-11-21 N/A
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
CVE-2016-5848 1 Siemens 1 Sicam Pas\/pqs 2024-11-21 6.7 Medium
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
CVE-2016-5838 1 Wordpress 1 Wordpress 2024-11-21 N/A
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
CVE-2016-5670 1 Crestron 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware 2024-11-21 N/A
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.
CVE-2016-5411 1 Redhat 2 Enterprise Linux, Quickstart Cloud Installer 2024-11-21 N/A
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2024-11-21 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-4996 1 Redhat 3 Enterprise Linux Server, Satellite, Satellite Capsule 2024-11-21 N/A
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
CVE-2016-4670 1 Apple 2 Iphone Os, Mac Os X 2024-11-21 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
CVE-2016-4527 1 Abb 1 Pcm600 2024-11-21 N/A
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-4325 1 Lantronix 1 Xprintserver Firmware 2024-11-21 N/A
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
CVE-2016-4028 1 Open-xchange 1 Ox Guard 2024-11-21 N/A
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.
CVE-2016-3952 1 Web2py 1 Web2py 2024-11-21 N/A
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access.
CVE-2016-3946 1 Sap 1 Sapconsole 2024-11-21 N/A
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
CVE-2016-3749 1 Google 1 Android 2024-11-21 N/A
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
CVE-2016-3704 3 Fedoraproject, Pulpproject, Redhat 4 Fedora, Pulp, Satellite and 1 more 2024-11-21 N/A
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVE-2016-3685 3 Apple, Microsoft, Sap 3 Macos, Windows, Download Manager 2024-11-21 N/A
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.