45 matches found
CVE-2026-26049
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
CVE-2026-26049
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
CVE-2026-26049 Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
CVE-2026-26049 Jinan USR IOT Technology Limited (PUSR) USR-W610 Insufficiently Protected Credentials
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
CVE-2026-26049
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
CVE-2026-26049
CVE-2026-26049 affects the Jinan USR IOT USR-W610 embedded web interface. The vulnerability is that the web UI renders the administrator password in a plaintext input field, making the current password directly visible to anyone with UI access and enabling credential exposure via shoulder surfing...
PT-2026-21241
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
EUVD-2018-0428
Malware in sbrugna...
EUVD-1999-1216
Malware in sbrugna...
EUVD-2006-6936
Malware in sbrugna...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
Man-in-the-middle Attack
Liferay Portal is vulnerable to Man-in-the-middle Attack. The vulnerability is due to the failure to obfuscate password reminder answers on the page, allowing attackers to exploit man-in-the-middle or shoulder-surfing attacks to steal user's password reminder answers...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
Default credentials
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
PT-2024-10915 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.5 Liferay DXP 7.3 before fix pack 1 Liferay DXP 7.2 before fix pack 17 Description: The issue allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder...
CVE-2021-29038
CVE-2021-29038 affects Liferay Portal 7.2.0–7.3.5 and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, and 7.2 before fix pack 17. The issue: password reminder answers are not obfuscated on the page, enabling attackers to perform MITM or shoulder-surfing attacks to steal those a...
GHSA-XX2H-2HF5-V7VV Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...