38 matches found
CVE-2021-40341
DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...
PT-2022-24508 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue concerns the encryption of operator credentials on Windows systems. In specific scenarios, the credentials may be encrypted in a manner that is not completely machine-dependent...
The vulnerability of the WMDLCDRV.ini driver of the software used for configuring SCADA systems such as MOSCAD/STS Toolbox and StarControls staRTU allows an intruder to gain unauthorized access to protected information.
The vulnerability of the wmdlcdrv.ini driver of the SCADA system software for MOSCAD/STS Toolbox and StarControls staRTU lies in the use of rigidly encrypted user credentials. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
PT-2021-19797 · Fortinet · Fortimail +3
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions prior to 4.0.1; FortiWeb versions prior to 6.3.12; FortiADC versions prior to 6.2.1; FortiMail versions 7.0.1 and earlier. Description: A missing cryptographic steps issue in the function that encrypts users' LDAP and RADIUS...
CVE-2020-35138
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...
CVE-2017-13860
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption...
CVE-2016-2282
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors...
Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
Overview: Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...
CVE-2015-1358
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC TIA Portal before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit,...
Clorius Controls A/S Java Web Client Information Disclosure Vulnerability
Clorius Controls A/S is an industrial control system software. An information disclosure vulnerability exists in the Clorius Controls A/S Java Web client due to the program failing to properly handle authentication credential encryption. This vulnerability could be exploited by an attacker to sni...
CVE-2011-3685
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory...
ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-025 May 15, 2008 -- Affected Vendors: Symantec -- Affected Products: Symantec Altiris Deployment Solution -- TippingPoint(TM) IPS Customer Protection:...
Apple Airport Administrative Port Credential Encryption Weakness
Binary data 1886.prm...