336 matches found
CVE-2023-49341
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-IIGV1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component...
CVE-2023-50945
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user...
CVE-2022-26948
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 6.9.1.0 is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks...
Insufficiently Protected Credentials
Overview rdsai-cli is an AI-powered CLI tool for Relation database management and analysis Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insecure local storage of sensitive credentials. An attacker can exploit this by accessing the configuration...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
ZKTeco BioTime 安全漏洞
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...
PT-2025-53643
Name of the Vulnerable Software and Affected Versions ZKTeco BioTime versions 9.0.3 through 9.0.4 ZKTeco BioTime version 9.5.2 Description A security issue exists in ZKTeco BioTime related to the storage of credentials. Manipulation of the backup encryption password decrypt/export encryption...
📄 Netbus Backdoor 1.7 Remote Code Execution
Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...
📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage
Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...
EUVD-2024-55325
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user...
CVE-2024-42197 HCL Workload Scheduler is vulnerable to plain text storage of a password
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user...
CVE-2024-42197
The CVE-2024-42197 entry concerns HCL Workload Scheduler storing user credentials in plain text, allowing a local non-privileged user to read them. The available documents consistently describe the issue as cleartext credential storage without details on affected versions or root cause beyond the...
CVE-2025-34428 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local...
PT-2025-50291
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier Description The software contains an issue with insufficiently protected credentials, potentially allowing limited unauthorized write access. An attacker could exploit improperly stored ...
CVE-2025-3784
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential...
EUVD-2025-201592
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
CVE-2025-14183
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
SGAI Space1 安全漏洞
SGAI Space1 is an all-in-one NAS and router appliance from China's Speed Gap SGAI. A security vulnerability exists in SGAI Space1 version 1.0.915 and earlier, which stems from an improper credential storage in component gsaiagent in NAS N1211DS, which could lead to credential disclosure...
CVE-2025-65841
Summary of CVE-2025-65841 : Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local file at ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is “encrypted” via predictable byte-substitution that is trivially revers...