144 matches found
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security involve unencrypted storage of user credentials, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of event monitoring platforms, threat detection systems, and security analytics tools from IBM QRadar Suite and IBM Cloud Pak for Security are related to the unencrypted storage of user credentials. Exploiting these vulnerabilities can allow attackers operating remotely to gai...
CVE-2024-41688
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the...
CVE-2024-36790
Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 was discovered to store credentials in plaintext...
IBM Cloud Pak for Data Security Vulnerability
IBM Cloud Pak for Data is a cloud-native solution from International Business Machines IBM that allows customers to use data and analyze it quickly and efficiently. A security vulnerability exists in IBM Cloud Pak for Data that stems from DataStage storing sensitive credential information that ca...
Command injection
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
Unprotected Storage of Credentials
Overview Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...
Genie Aladdin Connect Mobile Application Security Vulnerability
Genie Aladdin Connect Mobile Application is a garage door opener control software from Genie. A security vulnerability exists in Genie Aladdin Connect Mobile Application 5.65 Build 2075 and prior versions, which stems from the fact that a user's product account authentication data is stored in...
PT-2023-7769 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the storage of credentials in plaintext, which could allow an attacker to gain unauthorized access to credentials for third-party hosts from encrypted Ansible file...
CVE-2023-39452
The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application...
CVE-2023-39452
CVE-2023-39452 affects Socomec MODULYS GP (MOD3GP-SY-120K) web interface. Public documents identify plaintext storage of passwords in the user management section and remote credential exposure due to improper session handling. Affected product details cited by CISA ICS advisory (MODULYS GP-SY-120...
PT-2023-5301 · Unknown · Modulys Gp
Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K affected versions not specified Description: The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the...
CVE-2023-27902
A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a...
Simmeth System Supplier Manager 授权问题漏洞
Simmeth System Supplier Manager, a supply chain software from Simmeth System, Germany, is vulnerable to a session management error in versions prior to Simmeth System Supplier Manager 5.6. The vulnerability stems from credentials not being cleared from local storage after logging out, which could...
The vulnerability of the IBM Host Access Transformation Services (HATS) software, developed by IBM Host Access Beans, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM Host Access Transformation Services HATS software, developed by IBM Host Access Beans, is related to the unencrypted storage of user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2022-22983
VMware Workstation 16.x prior to 16.2.4 contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware...
CVE-2022-36897
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
GHSA-4FJC-FWJ2-7XFG Credentials transmitted in plain text by Repository Connector Plugin
Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...
Design/Logic Flaw
Mobotix Control Center MxCC through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access...
CVE-2021-40363
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...
CVE-2022-22554
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords...