Filtered by CWE-522
Filtered by vendor Subscriptions
Total 1126 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-4028 1 Tridium 1 Niagara Ax 2024-11-21 N/A
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
CVE-2012-3823 1 Arialsoftware 1 Campaign Enterprise 2024-11-21 7.5 High
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
CVE-2012-3268 2 Hp, Huawei 675 0150a129, 0150a12a, 0150a12b and 672 more 2024-11-21 N/A
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
CVE-2012-3025 1 Tridium 1 Niagara Ax 2024-11-21 N/A
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-4178 2 Fedoraproject, Oracle 2 Fedora, Mysql-gui-tools 2024-11-21 5.5 Medium
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console
CVE-2010-2496 1 Clusterlabs 2 Cluster Glue, Pacemaker 2024-11-21 5.5 Medium
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
CVE-2007-0681 1 Extcalendar Project 1 Extcalendar 2024-11-21 9.8 Critical
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVE-2005-3435 1 Archilles 1 Newsworld 2024-11-21 9.8 Critical
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
CVE-2000-0944 1 Cgi 1 Script Center News Update 2024-11-21 9.8 Critical
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
CVE-1999-0013 1 Ssh 1 Ssh 2024-11-21 8.4 High
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-2021-1232 2024-11-18 6.5 Medium
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-47805 1 Jenkins 1 Credentials 2024-11-13 7.5 High
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.
CVE-2022-45157 2024-11-13 9.1 Critical
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.
CVE-2024-47588 2024-11-12 4.7 Medium
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.
CVE-2024-51240 1 Openwrt 1 Luci 2024-11-06 8 High
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package
CVE-2024-34882 2 Bitrix, Bitrix24 2 Bitrix24, Bitrix24 2024-11-06 6.8 Medium
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
CVE-2024-34883 2 Bitrix, Bitrix24 2 Bitrix24, Bitrix24 2024-11-06 6.8 Medium
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
CVE-2024-34887 2 Bitrix, Bitrix24 2 Bitrix24, Bitrix24 2024-11-06 6.8 Medium
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
CVE-2024-34885 1 Bitrix 1 Bitrix24 2024-11-05 6.8 Medium
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.
CVE-2023-50310 1 Ibm 1 Cics Transaction Gateway 2024-11-05 4.9 Medium
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.