377 matches found
PT-2019-11379 · Jenkins · Jenkins Upload To Pgyer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Upload to pgyer Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users who...
PT-2019-11350 · Jenkins · Jenkins Official Owasp Zap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Official OWASP ZAP Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins Official OWASP ZAP Plugin. Specifically,...
PT-2019-11699 · Jenkins · Jenkins Sametime Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Sametime Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the credential...
PT-2019-11353 · Jenkins · Jenkins Amazon Sns Build Notifier Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon SNS Build Notifier Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specificall...
PT-2019-11354 · Jenkins · Jenkins Aws-Device-Farm Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins aws-device-farm Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins aws-device-farm Plugin. Specifically,...
PT-2019-11361 · Jenkins · Jenkins Octopusdeploy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...
PT-2019-11352 · Jenkins · Jenkins Aws Cloudwatch Logs Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins AWS CloudWatch Logs Publisher Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller...
PT-2019-11364 · Jenkins · Jenkins Hyper.Sh Commons Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Hyper.sh Commons Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically,...
Design/Logic Flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
CVE-2018-4855
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
CVE-2018-4855
CVE-2018-4855 affects Siemens SICLOCK TC100/TC400 (All versions). Root cause is unencrypted storage of passwords in client configuration files and during network transmission, enabling an attacker in a privileged position to obtain device access passwords. Public details describe an information d...
CVE-2018-4855
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
Unencrypted Password Store
build-publisher stores passwords unencrypted. Anyone with access to the local file system can access credentials to other Jenkins systems. The credentials are also transmitted in plaintext which exposes them to various other attacks...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of protection for email account credentials, allowing attackers to access confidential information.
The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of protection for email account credentials stored in unencrypted form. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
Adding Subscription Cal by URL stores user password unencrypted
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-48402. panel I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really...
firefly_pass_recovery.txt
--------------------- Application: --------------------- FireFly 1.0 --------------------- Introduction: --------------------- Vendor: NetCruiser Software www.netcruiser-software.com Vendor Description: Firefly is a Windows application that allows you to share files with other users. Firefly uses...
Nevrona Designs MiraMail stores all configuration and user account information in unencrypted text file
Overview Some versions of MiraMail store username and passwords in a text file without using encryption. Description MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plainte...