73 matches found
PT-2025-27772
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue involves several credentials for the local PostgreSQL database being stored in plain text, with some partially base64 encoded. Recommendations: At the moment, there is no...
CVE-2021-38938
IBM Host Access Transformation Services HATS 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989...
CVE-2025-30172 Admin Authorized Remote Code Execution
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
CVE-2017-8225
On Wireless IP Camera P2P WIFICAM devices, access to .ini files containing credentials is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI...
CVE-2019-10467
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2018-11544
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/sharedprefs/com.theolivetree.ftpserverpreferences.xml file as the prefUsername and prefUserpass strings...
CVE-2025-47730
The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...
GO-2025-3645 Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes...
CVE-2024-45638
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user...
CVE-2025-26793
The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...
CVE-2023-50945
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user...
CVE-2024-48121
The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack...
CVE-2024-45722
CVE-2024-45722 affects Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x, where a weak credential mechanism could allow attackers to easily calculate MQTT credentials and access the MQTT broker. Connected sources confirm exposure related to device serial numbers and potential MQTT ...
Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials
Overview Multiple network cameras provided by Hangzhou Hikvision Digital Technology Co., Ltd. support two Dynamic DNS services, DynDNS and NO-IP.The user can select which to use on the GUI configuration page. Both the services provide their APIs accessible via HTTP and HTTPS, but old firmware...
KRB5 Authorization
This script allows users to enter the information required to authorize and login via KRB5. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...
CVE-2024-38285 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools...
EUVD-2024-17158
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
CVE-2022-40685
Insufficiently protected credentials in the IntelR DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2023-28088
An HPE OneView appliance dump may expose SAN switch administrative credentials...
Jenkins Artifactory Plugin missing permission check
Jenkins Artifactory Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...