GHSA-27V7-QHFV-RQQ8 Insecure Credential Storage in web3
All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Si...
Schneider Electric AVEVA Vijeo Citect and Schneider Electric AVEVA CitectSCADA Insecure Credential Storage Vulnerability
Schneider Electric AVEVA Vijeo Citect and Schneider Electric AVEVA CitectSCADA are both SCADA (data acquisition and monitoring) software packages from Schneider Electric, France. A security vulnerability exists in Schneider Electric AVEVA Vijeo Citect and Schneider Electric AVEVA CitectSCADA...
CVE-2019-1003070
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11699 · Jenkins · Jenkins Sametime Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Sametime Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the credential...
PT-2019-11358 · Vmware +1 · Vrealize Automation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware vRealize Automation Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials c...
PT-2019-11347 · Jenkins · Jenkins Bitbucket Approve Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Approve Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...
PT-2019-11344 · Jenkins · Jenkins Jira Issue Updater Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Jira Issue Updater Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...
CVE-2019-3782
The CVE-2019-3782 issue affects Cloud Foundry CredHub CLI prior to version 2.2.1. The vulnerability arises when credentials supplied via environment variables are written to the CLI’s persistent config file, potentially exposing them to a local authenticated attacker who has access to the CredHub...
CVE-2016-4644
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...
CVE-2018-16223
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamerapreferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password...
CVE-2018-16222
The CVE-2018-16222 entry affects the iSmartAlarm Android app (up to version 2.0.8). The issue is cleartext storage of credentials in the iSmartAlarmData.xml configuration file, which can allow an attacker to retrieve the username and password. The connected documents confirm affected product comp...
CVE-2018-13822
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information...
CVE-2018-13822
CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below are affected by CVE-2018-13822 due to unprotected storage of credentials. This allows attackers to access sensitive information. The connected documents confirm the affected versions and the credential storage issue; no...
ABB IP Gateway
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: ABB. Equipment: IP Gateway. Vulnerabilities: Improper Authentication, Cross-site Request Forgery, Unprotected Storage of Credentials. 2. RISK EVALUATION: Successful exploitation of these...
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - US
Lenovo Security Advisory: LEN-15999. Potential Impact: Local Privilege Escalation. Severity: High. Scope of Impact: Lenovo Specific. CVE Identifier: CVE-2017-3762. Summary Description: A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint...
CVE-2017-1701
IBM Team Concert RTC 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393...
IBM Rational DOORS Web Access Credential Storage Vulnerability
IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...