CVE-2020-10375

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product...

EUVD-2020-2830

Malware in sbrugna...

EUVD-2011-0547

Malware in sbrugna...

EUVD-2015-5030

Malware in sbrugna...

EUVD-2023-1749

Malicious code in bioql PyPI...

CVE-2014-1409

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords...

CVE-2023-35151

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

Design/Logic Flaw

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...

CVE-2023-35151

CVE-2023-35151 (XWiki Platform) affects XWiki Platform versions 7.3-milestone-1 through 14.4.7, where any user can call a REST endpoint and obtain obfuscated passwords, even if mail obfuscation is enabled. The issue has been patched in 14.4.8, 14.10.6, and 15.1. No public workaround is documented...

SUSE CVE-2020-10375

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product...

CVE-2022-22789

Charactell - FormStorm Enterprise Account takeover – An attacker can modify add, remove and update passwords file for all the users. The xxusers.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existi...

CVE-2022-22789

Charactell - FormStorm Enterprise Account takeover – An attacker can modify add, remove and update passwords file for all the users. The xxusers.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existi...

Format string

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product...

CVE-2020-10375

CVE-2020-10375 affects New Media Smarty before 9.10. The issue is that passwords are stored in an obfuscated format that can be easily reversed, with the obfuscated values located in the file data.mdb (second column). This is explicitly noted as unrelated to the popular Smarty template engine pro...

PT-2019-15358 · Siemens · Sinvr/Sivms Video Server

Name of the Vulnerable Software and Affected Versions: SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified in the HTTP service of the SiVMS/SiNVR Video Server, which contains an authentication bypass issue. This allows a remote attacker with network...

PT-2019-15356 · Unknown · Control Center Server

Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on...

Security Bulletin: IBM Security Access Manager uses configuration files with obfuscated passwords that can be accessed by authenticated users (CVE-2015-5013)

Summary The IBM Security Access Manager appliance stores obfuscated passwords in plain-text configuration files that can be accessed by authenticated users. Vulnerability Details CVEID: CVE-2015-5013 DESCRIPTION: The appliance includes configuration files that contain obfuscated...

CVE-2015-5013

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access...