34 matches found
CVE-2019-25470
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
CVE-2019-25470 eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
PT-2026-24768
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
CVE-2023-50436
An issue was discovered in Couchbase Server before 7.2.4. nsserver admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5...
CVE-2026-22543 WEAK ENCODING FOR PASSWORDS
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-11155
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-57808 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correc...
PT-2025-26223
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.13.7 and prior Description: The issue concerns RabbitMQ logging authorization headers in plaintext, encoded in base64, when queried with HTTP/s and basic authentication. This results in logs containing all request headers,...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a log information...
CVE-2025-46432
CVE-2025-46432 affects JetBrains TeamCity prior to 2025.03.1, where base64-encoded credentials could be exposed in build logs. The vulnerability is described across multiple sources (NVD entry, Red Hat, CNVD/CNNVD mirrors, Tenable Nessus plugin, PT-SECURITY advisory) with an impact on confidentia...
CVE-2025-46432
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
CVE-2024-23551
HCL BigFix Compliance (9.x–11.x) is affected by CVE-2024-23551 due to database scanning using a username/password that stores credentials in plaintext or encoded form on the endpoint. This can lead to unauthorized access and data exposure. Prior to a confirmed patch (not provided in the documents...
HCL BigFix Compliance Security Vulnerability
HCL BigFix Compliance is a product from HCL Technologies, USA, that continuously monitors and applies endpoint security settings to ensure compliance with regulatory or organizational security policies. A security vulnerability exists in HCL BigFix Compliance versions prior to 10.0.5.0,...
CVE-2023-7237
Lantronix XPort sends weakly encoded credentials within web request headers...
Cross-site request forgery (CSRF)
Lantronix XPort sends weakly encoded credentials within web request headers...
Lantronix Xport Encryption Issue Vulnerability
Lantronix Xport Edge is a hardware device from Lantronix, Inc. that enables Ethernet connectivity and control of industrial equipment. A security vulnerability exists in Lantronix Xport version 2.0.0.13, which is caused by sending weakly encoded credentials in the web request header...
PT-2024-15243 · Lantronix · Lantronix Xport
Name of the Vulnerable Software and Affected Versions: Lantronix XPort affected versions not specified Description: The issue concerns the transmission of weakly encoded credentials within web request headers. Recommendations: At the moment, there is no information about a newer version that...
CVE-2023-20891
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF...
CVE-2021-3417
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...