CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

CVE-2017-11579

In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...

Here’s How to Hack Windows/Mac OS X Login Password (When Locked)

A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer but, logged-in and works on both Windows as well as Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a U...

DEBIAN-CVE-2013-4114

The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network...

PT-2012-4446 · Tridium · Tridium Niagara Ax Framework

Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.7 Description: The issue concerns the default configuration of the software, which uses a cleartext base64 format for transmitting credentials in cookies. This allows remote attackers to obtain...

UBUNTU-CVE-2012-2357

The Multi-Authentication feature in the Central Authentication Service CAS functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...

CVE-2012-2357

The Multi-Authentication feature in the Central Authentication Service CAS functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...

CVE-2012-2357

CVE-2012-2357 affects Moodle 2.1.x (before 2.1.6) and 2.2.x (before 2.2.3). The issue is in the Multi-Authentication CAS feature (auth/cas/cas_form.html) that does not use HTTPS, enabling credential sniffing over the network by remote attackers. The root cause is unauthenticated, unencrypted tran...

Design/Logic Flaw

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...