Filtered by CWE-522
Filtered by vendor Subscriptions
Total 1126 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-5704 1 Intel 3 Core I3, Core I5, Core I7 2024-11-21 N/A
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.
CVE-2017-5700 1 Intel 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more 2024-11-21 N/A
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
CVE-2017-5189 1 Netiq 1 Imanager 2024-11-21 N/A
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
CVE-2017-5140 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 N/A
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
CVE-2017-5139 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 N/A
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
CVE-2017-4966 3 Debian, Pivotal Software, Vmware 3 Debian Linux, Rabbitmq, Rabbitmq 2024-11-21 7.8 High
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
CVE-2017-4923 1 Vmware 1 Vcenter Server 2024-11-21 N/A
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
CVE-2017-3760 1 Lenovo 1 Service Framework 2024-11-21 N/A
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVE-2017-3214 1 Milwaukeetool 1 One-key 2024-11-21 7.5 High
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
CVE-2017-3192 2 D-link, Dlink 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more 2024-11-21 N/A
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
CVE-2017-2751 1 Hp 68 Compaq 14-h000, Compaq 14-h000 Firmware, Compaq 14-s000 and 65 more 2024-11-21 N/A
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
CVE-2017-2665 2 Mongodb, Redhat 2 Mongodb, Storage Console 2024-11-21 N/A
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2017-1779 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 N/A
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
CVE-2017-1764 1 Ibm 1 Cognos Business Intelligence 2024-11-21 N/A
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
CVE-2017-1411 1 Ibm 1 Security Identity Governance And Intelligence 2024-11-21 N/A
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.
CVE-2017-1378 1 Ibm 1 Tivoli Storage Manager 2024-11-21 N/A
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
CVE-2017-1362 1 Ibm 1 Security Identity Manager 2024-11-21 N/A
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.
CVE-2017-1337 1 Ibm 1 Websphere Mq 2024-11-21 N/A
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
CVE-2017-1231 1 Ibm 1 Bigfix Platform 2024-11-21 N/A
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910.
CVE-2017-1207 1 Ibm 2 Integration Bus, Websphere Message Broker 2024-11-21 N/A
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.