CVE-2023-41677
An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through...
CVE-2023-41677
CVE-2023-41677 affects Fortinet FortiProxy and FortiOS versions listed in the description, where a vulnerability due to insufficient protection of credentials could let an attacker execute unauthorized code or commands through a targeted social engineering attack. The issue is documented across m...
Insufficiently Protected Credentials
github.com/cloudevents/sdk-go/v2 is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to the improper use of cloudevents.WithRoundTripper, allowing the leakage of credentials to arbitrary endpoints when creating a cloudevents.Client with an authenticated http.RoundTripp...
CVE-2024-21815
Gallagher Command Centre (Gallagher) is affected by CVE-2024-21815 due to insufficiently protected credentials (CWE-522) for third‑party DVR integrations to the Command Centre Server, potentially exposing credentials to authenticated but unprivileged users. Affected versions include 8.60 and prio...
CVE-2023-6259
Insufficiently Protected Credentials, Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security. This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3...
CVE-2023-6259 Local Access to Sensitive Data in Brivo ACS100 and ACS300
Insufficiently Protected Credentials, Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security. This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3...
CVE-2023-6259
The CVE-2023-6259 issue affects Brivo ACS100 and ACS300 (versions 5.2.4 through 6.2.4.3). The root cause is Insufficiently Protected Credentials and Improper Access Control, enabling Password Recovery Exploitation and bypassing physical security. If exploited, this could allow unauthorized access...
CVE-2023-27975
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
CVE-2023-27975
CVE-2023-27975 affects Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340/M580 PLCs. Root cause: CWE-522 Insufficiently Protected Credentials allowing a local user to tamper memory and gain unauthorized access to a project file; CVSS v3.1 base score 7.1 (H...
CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
CVE-2023-50291
CVE-2023-50291 — Insufficiently Protected Credentials (Apache Solr): The issue affects Solr 6.0.0–8.11.2 and 9.0.0–9.3.0, where the /admin/info/properties endpoint could leak credentials because some sensitive properties (e.g., basicauth, aws.secretKey) were published in the UI. Access is gated ...
CVE-2023-29447 Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2023-0071)
The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...
CVE-2023-23370 QVPN Device Client
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...
Siemens LOGO! Insufficiently Protected Credentials (CVE-2017-12734)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use...
PTC Kepware KepServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...
Moxa ioLogik E2200 Series Insufficiently Protected Credentials (CVE-2016-2282)
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2235)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An insufficiently protected credentials vulnerability exists in curl 4.9 to and including curl 7.82.0 that could allow a...
CVE-2023-29168 PTC Vuforia Studio Insufficiently Protected Credentials
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...