| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials). |
| WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password.
The vendor was contacted early about this disclosure but did not respond in any way. |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24. |
| An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint. |
| IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions |
| IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. |
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. |
| BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. |
| IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stores user credentials in plain text which can be read by an authenticated user with access to the pod. |
| Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. |
| Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. |
| An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components. |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. |
| Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. |
| A vulnerability exists in the SOAP Web services of the Asset
Suite versions listed below. If successfully exploited, an attacker
could gain unauthorized access to the product and the time window of a possible password attack could be expanded. |
