
281 matches found

NVD
added 2024/01/12 3:15 p.m. · 16 views

CVE-2023-49261

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

7.5 CVSS · 7.5 AI score · 0.00092 EPSS
Exploits 0 · References 2

Prion
added 2024/01/12 3:15 p.m. · 17 views

Authorization

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

5 CVSS · 7 AI score · 0.00092 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/12 2:25 p.m. · 15 views

CVE-2023-49261 Sensitive authentication-related value accessible publicly

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

6.8 AI score · 0.00092 EPSS
Exploits 0 · References 2

CVE
added 2024/01/12 2:25 p.m. · 35 views

CVE-2023-49261

CVE-2023-49261: Red Hat entries confirm the issue that the tokenKey used in user authorization is visible in the HTML source of the login page. The Red Hat advisories list this description; the connected documents do not provide affected product/version details, exploit information, or remediatio...

7.5 CVSS · 7.4 AI score · 0.00092 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/01/12 12:0 a.m. · 2 views

PT-2024-13718 · Hongdian · H8951-4G-Esp +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns the visibility of the tokenKey value used in user authorization within the HTML source of the login page. This could potentially expose sensitive information...

9.8 CVSS · 7.2 AI score · 0.00092 EPSS
Exploits 0 · References 6

CNNVD
added 2024/01/12 12:0 a.m. · 3 views

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from Hongdian, China. A security vulnerability exists in the Hongdian Router H8951-4G-ESP prior to version 2310271149, which stems from the "tokenKey" value used in user authorization being visible in the HTML source code of the login page...

9.8 CVSS · 6.8 AI score · 0.00092 EPSS
Exploits 0 · References 3

OSV
added 2023/10/17 4:15 p.m. · 2 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

9.8 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 4 · References 1

Prion
added 2023/10/17 4:15 p.m. · 26 views

Default credentials

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

7.5 CVSS · 9.7 AI score · 0.01415 EPSS
Exploits 4 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/17 12:0 a.m. · 8 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

7.1 AI score · 0.00093 EPSS
Exploits 4 · References 1

Cvelist
added 2023/10/17 12:0 a.m. · 17 views

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

9.9 AI score · 0.00093 EPSS
Exploits 4 · References 1

CVE
added 2023/10/17 12:0 a.m. · 82 views

CVE-2023-27132

The CVE-2023-27132 entry targets TSplus Remote Work: version 16.0.0.0 stores a cleartext password on the var pass line of the HTML source code for the secure single sign-on web portal. Connected sources corroborate that credentials are stored in plaintext within the HTML of the login page (e.g., ...

9.8 CVSS · 9.6 AI score · 0.00093 EPSS
Exploits 4 · References 1 · Affected Software 1

NVD
added 2023/09/11 7:15 p.m. · 13 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

9.8 CVSS · 9.5 AI score · 0.01415 EPSS
Exploits 3 · References 2

CVE
added 2023/09/11 12:0 a.m. · 55 views

CVE-2023-31069

TSplus Remote Access (up to version 16.0.2.14) contains a credential exposure in which passwords are stored as cleartext in the HTML source of the login page. This is documented across multiple sources (NVD/Red Hat/PRION entries) and confirms the root cause is cleartext credential storage on the ...

9.8 CVSS · 9.4 AI score · 0.01415 EPSS
Exploits 3 · References 2 · Affected Software 1

Cvelist
added 2023/09/11 12:0 a.m. · 14 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

9.7 AI score · 0.01415 EPSS
Exploits 3 · References 2

SUSE CVE
added 2023/02/15 5:30 a.m. · 0 views

SUSE CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

5 CVSS · 6.5 AI score · 0.00284 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

9.8 CVSS · 8.6 AI score · 0.87225 EPSS
Exploits 1 · References 3

Prion
added 2023/01/31 10:15 p.m. · 22 views

Code injection

BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...

5 CVSS · 7.3 AI score · 0.0024 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/12/25 5:15 a.m. · 19 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

6.5 CVSS · 0.00337 EPSS
Exploits 3 · References 1

CVE
added 2022/12/25 12:0 a.m. · 71 views

CVE-2022-45895

Planet eStream exposes sensitive information in versions prior to 6.72.10.07 due to issues involving the ON cookie (findable in Default.aspx HTML source) and the WhoAmI endpoint (path disclosure). The CVE-2022-45895 entry consolidates this information as a user-notification-style vulnerability wi...

6.5 CVSS · 7.1 AI score · 0.00337 EPSS
Exploits 3 · References 1 · Affected Software 1

NVD
added 2022/08/12 3:15 p.m. · 22 views

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

7.2 CVSS · 0.026 EPSS
Exploits 0 · References 2