Vulnerabilities (CVE)

CWE filter: CWE-522

168 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9533 1 Cobham 1 Explorer 710 Firmware 2019-10-16 10.0
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CVE-2019-13929 1 Siemens 1 Simatic It Uadm 2019-10-15 4.0
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write...
CVE-2019-15859 2019-10-10 10.0
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
CVE-2019-3736 1 Dell 1 Emc Integrated Data Protection Appliance Firmware 2019-10-09 4.0
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted...
CVE-2019-10398 1 Jenkins 1 Beaker Builder 2019-10-09 2.1
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
CVE-2019-10397 1 Jenkins 1 Aqua Security Serverless Scanner 2019-10-09 2.6
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2018-8851 1 Echelon 3 I.lon 100 Firmware, I.lon 600 Firmware, Smartserver 1 Firmware 2019-10-09 5.0
In Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions, the devices store passwords in plaintext, which may allow an attacker with access to the configuration...
CVE-2018-7820 2019-10-09 5.0
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.
CVE-2018-7518 2019-10-09 5.0
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user-defined credentials stored and transmitted in an insecure manner.
CVE-2018-7510 2019-10-09 5.0
In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.
CVE-2018-5446 1 Medtronic 1 2090 Carelink Programmer Firmware 2019-10-09 2.1
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product...
CVE-2018-1498 1 Ibm 1 Security Guardium 2019-10-09 2.1
IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 141223.
CVE-2018-1139 3 Samba, Canonical, Redhat 5 Samba, Ubuntu Linux, Enterprise Linux Desktop and 2 more 2019-10-09 4.3
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed...
CVE-2018-1075 1 Ovirt 1 Ovirt 2019-10-09 2.1
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was...
CVE-2018-1074 2 Ovirt, Redhat 2 Ovirt, Enterprise Virtualization 2019-10-09 4.0
The ovirt-engine API and administration web portal before versions 4.2.2.5 and 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain...
CVE-2018-17900 1 Yokogawa 4 Fcj Firmware, Fcn-100 Firmware, Fcn-500 Firmware and 1 more 2019-10-09 5.0
In Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, and FCN-500, all versions R4.10 and prior, the web application improperly protects credentials, which could allow an attacker to obtain credentials for remote access to controllers.
CVE-2018-17245 1 Elasticsearch 1 Kibana 2019-10-09 5.0
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request...
CVE-2018-15717 1 Opendental 1 Opendental 2019-10-09 5.0
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-15456 1 Cisco 1 Identity Services Engine 2019-10-09 4.0
A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading...
CVE-2018-11746 1 Puppet 1 Discovery 2019-10-09 5.0
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if an HTTPS server is not available. This can expose the login credentials being used by...