319 matches found
CVE-2014-4620
CVE-2014-4620 affects EMC NetWorker Module for MEDITECH (NMMEDI) 3.0 builds 87–90. When used with EMC RecoverPoint and Plink, Plink commands print RecoverPoint credentials in clear text to nsrmedisv.raw log files, yielding local information disclosure. Impact is sensitive data exposure in logs. R...
Folder Lock 5.9.5 Weak Password Encryption Local Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application, which ma...
PT-2014-3100 · Jenkins · Jenkins Subversion Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion plugin versions prior to 1.54 Description: The issue allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file, due to the storage of credentials using base64 encoding...
CVE-2014-2870
The CVE-2014-2870 entry affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Root cause: default configuration stores credentials in cleartext in the application database, enabling context-dependent attackers to obtain sensitive information. No explicit exploit vectors, affected versio...
Information disclosure
IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...
CVE-2012-0700
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors...
CVE-2012-0700
CVE-2012-0700 affects IBM InfoSphere Information Server FastTrack client (InfoSphere Server 8.1, 8.5 before FP3, and 8.7). Root cause: insecure local storage of credentials allowing bypass of access restrictions by local users via unspecified vectors. Exploitation status not detailed in the provi...
CVE-2012-4028
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication...
CVE-2012-4028
CVE-2012-4028 affects the Tridium Niagara AX Framework. The vulnerability stems from improper storage of credential data, enabling context-dependent attackers to bypass authentication by using stored credentials. The NVD entry lists a high impact with network reach and low attack complexity, but ...
Tridium Niagara Vulnerabilities
OVERVIEW --------- Begin Update A Part 1 of 2 -------- This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium...
Checkpoint SecuRemote/Secure Client NGX Auto Local Logon Vulnerability
http://www.digihax.com Bulletin Release 02.06.08 Checkpoint SecuRemote/Secure Client NGX Auto Local Logon Vulnerability Or, How to Be Bill Gates, if Bill Gates uses a CheckPoint VPN Client Discovery Date: December 13, 2007 Vendor Release Date: February 6, 2008 Severity: Impersonation of users...
CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
CVE-2006-0582
CVE-2006-0582 affects Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2. In rshd, when storing forwarded credentials, an attacker can overwrite arbitrary files and change file ownership via unknown vectors. This is a local-impact vulnerability with a low CVSS base score (2.1) per the NVD data, and ...
[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage
February 28, 2005 Hat-Squad Advisory: GFI L.N.S.S 5.0- Insecure Credential Storage Product: GFI Languard Network Security Scanner Vendor Url: http://gfi.com/ Version: 5.0 Vulnerability: Insecure Credential Storage Release Date: February 28, 2005 Vendor Status: Informed on 22 February 2005 Respons...
CVE-2005-0421
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, enabling local users to gain privileges. This CVE (CVE-2005-0421) arises from credential storage in a profile file and is described with a low impact score (CVSS v2 base 2.1, LOCAL access). The provided documents do not in...
Software602 602Pro LAN SUITE 2003 - Sensitive User Information Storage
Software602 602Pro LAN SUITE 2003 - Sensitive User Information Storage source: https://www.securityfocus.com/bid/8700/info A problem with the storage of user credentials has been identified in Software602 602Pro LAN SUITE 2003. Because of this, an attacker may be able to gain access to potentiall...
CVE-2002-0344
CVE-2002-0344 affects Symantec LiveUpdate 1.5 and earlier used with Norton Antivirus. The issue stems from storing usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. The NVD entry describes thi...
DUO-PSA-2014-008: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-008 Publication Date: 2014-12-22 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to a user's local machine...