419 matches found

BDU FSTEC
added 2020/06/17 12:0 a.m. | 2 views

The vulnerability of the Red Hat OpenShift Container Platform corporate platform arises from the lack of measures taken to protect the website structure, allowing attackers to expose authentication data.

The vulnerability of the Red Hat OpenShift Container Platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to obtain authentication credentials through a specially created link...

CVSS 5.4 | AI score 5.5 | EPSS 0.00869
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2020/06/11 2:44 a.m. | 18 views

Information Disclosure

com.liferay.dynamic.data.mapping.service is vulnerable to information disclosure. The vulnerability exists as it does not remove authentication data in the response sent by the DDMDataProvider API...

CVSS 6.5 | AI score 1.9 | EPSS 0.01637
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/04/09 1:15 p.m. | 2 views

CVE-2020-11557

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

CNVD
added 2020/03/11 12:0 a.m. | 1 views

Information Disclosure Vulnerability in Multiple Rockwell Automation Products

Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation, Inc. Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set ...

CVSS 3.3 | AI score 6.5 | EPSS 0.00415
Exploits: 0 | References: 1

BDU FSTEC
added 2020/01/20 12:0 a.m. | 1 views

The vulnerability of the etc/shadow microprogramming software components of Cisco Small Business RV016, RV042, RV042G, and RV082 allows a hacker to elevate their privileges to the level of root or lldpd.

The vulnerability of the etc/shadow microprogramming software components of Cisco Small Business RV016, RV042, RV042G, and RV082 is related to the presence of embedded authentication data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of root or lldp...

CVSS 9 | AI score 5.5
Exploits: 0 | References: 1 | Affected Software: 4

BDU FSTEC
added 2020/01/20 12:0 a.m. | 1 views

The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router microprogramming software lies in the presence of embedded authentication data (a static X.509 certificate), which allows attackers to escalate their privileges.

The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router microprogramming software is related to the presence of embedded authentication data (a static X.509 certificate). Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 10 | AI score 5.5
Exploits: 0 | References: 1 | Affected Software: 4

CNVD
added 2019/12/09 12:0 a.m. | 3 views

Multiple Weidmueller Product Information Disclosure Vulnerabilities

Weidmueller IE-SW-VL05M-5TX and others are industrial Ethernet switches from Weidmueller, Germany. An information disclosure vulnerability exists in multiple Weidmueller products, which can be exploited by an attacker to guess the authentication information in a cookie...

CVSS 9.8 | AI score 6.6 | EPSS 0.01873
Exploits: 0 | References: 1

BDU FSTEC
added 2019/12/03 12:0 a.m. | 2 views

The vulnerability of the JunOS operating system, related to the logging of authentication data in cleartext, allows a perpetrator to obtain account information.

The vulnerability of the JunOS operating system’s port control console is related to the logging of authentication credentials in cleartext. Exploiting this vulnerability allows a perpetrator to obtain these credentials...

CVSS 5.9 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2019/11/07 12:0 a.m. | 3 views

Rakuma Information Leakage Vulnerability

Rakuma is a shopping app from the Japanese company Rakuten. The Rakuma App suffers from an information leakage vulnerability that can be exploited by an attacker to obtain user authentication information...

CVSS 6.5 | AI score 6.7 | EPSS 0.02039
Exploits: 0 | References: 1

BDU FSTEC
added 2019/10/29 12:0 a.m. | 2 views

The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows an intruder to gain access to the device.

The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data (SSH keys). Exploiting this vulnerability allows a remote attacker to gain access to the device via the SSH protocol...

CVSS 10 | AI score 5.6 | EPSS 0.03261
Exploits: 1 | References: 4 | Affected Software: 3

RedHat Linux
added 2019/10/08 10:5 a.m. | 2 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 | AI score 6.7 | EPSS 0.08811
Exploits: 0 | References: 5

Amazon
added 2019/08/07 12:0 a.m. | 74 views

Important: python

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of...

CVSS 9.8 | AI score 8.3 | EPSS 0.08811
Exploits: 0

OSV
added 2019/07/30 9:15 p.m. | 2 views

DEBIAN-CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

CVSS 8.1 | AI score 7.8 | EPSS 0.00668
Exploits: 1 | References: 1

UbuntuCve
added 2019/07/30 9:15 p.m. | 25 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

CVSS 8.1 | AI score 7.1 | EPSS 0.00668
Exploits: 1 | References: 5

CVE
added 2019/07/30 8:15 p.m. | 79 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

CVSS 8.1 | AI score 7.8 | EPSS 0.00668
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2019/07/08 1:51 a.m. | 28 views

CVE-2019-3889

A reflected XSS vulnerability exists in the authentication flow of the OpenShift Container Platform. An attacker could use this flaw to steal authentication data by having users click a malicious link...

CVSS 5.4 | AI score 4.7 | EPSS 0.00869
Exploits: 0 | References: 3

BDU FSTEC
added 2019/06/18 12:0 a.m. | 2 views

The vulnerability of the RTU module’s microprogramming software, Modicon BMXNOR0200H, arises from the presence of embedded authentication data. This allows a hacker to gain access to the FTP service.

The vulnerability of the RTU module’s microprogramming software, Modicon BMXNOR0200H, is related to the presence of embedded authentication data. Exploiting this vulnerability could allow a malicious actor to gain access to the FTP service remotely...

CVSS 7.2 | AI score 5.5 | EPSS 0.01131
Exploits: 0 | References: 3

OSV
added 2019/06/07 6:29 p.m. | 27 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL...

CVSS 9.8 | AI score 9.6 | EPSS 0.05227
Exploits: 0 | References: 28

Amazon
added 2019/05/02 12:0 a.m. | 193 views

Important: python34

Issue Overview: Python is affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlpars...

CVSS 9.8 | AI score 8.2 | EPSS 0.08811
Exploits: 1

RedHat Linux
added 2019/04/30 2:54 a.m. | 3 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 | AI score 6.7 | EPSS 0.08811
Exploits: 0 | References: 5