Cleartext Storage Of Sensitive Information

wwbn/avideo is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to storing video passwords in plaintext without encryption or hashing, which allows an attacker with database access to retrieve all passwords in cleartext...

CVE-2026-33867

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...

CVE-2026-33867

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...

CVE-2026-33763 AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideopasswordiscorrect API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean passwordIsCorrect field...

Cleartext Storage of Sensitive Information

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the storage of video access passwords in plaintext within the database. An attacker can obtain sensitive...

PT-2026-28541

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext, without hashing, salting, or encryption. An attacker gaining re...