Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2011-5247 Cleartext Storage of Sensitive Information vulnerability in Prophecyinternational Snare
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
network
low complexity
prophecyinternational CWE-312
7.5
2020-01-05 CVE-2019-19314 Cleartext Storage of Sensitive Information vulnerability in Gitlab
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
network
low complexity
gitlab CWE-312
7.5
2019-12-04 CVE-2019-19228 Cleartext Storage of Sensitive Information vulnerability in Fronius products
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
network
low complexity
fronius CWE-312
critical
9.8
2019-11-27 CVE-2019-6670 Cleartext Storage of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
local
low complexity
f5 CWE-312
4.4
2019-11-26 CVE-2016-3192 Cleartext Storage of Sensitive Information vulnerability in Cloudera Manager
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
network
low complexity
cloudera CWE-312
6.5
2019-11-26 CVE-2019-14890 Cleartext Storage of Sensitive Information vulnerability in Redhat Ansible Tower 3.6.0
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
local
low complexity
redhat CWE-312
8.4
2019-11-25 CVE-2019-5848 Cleartext Storage of Sensitive Information vulnerability in Google Chrome
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google CWE-312
6.5
2019-11-15 CVE-2011-2916 Cleartext Storage of Sensitive Information vulnerability in Qtnx Project Qtnx 0.9
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file.
local
low complexity
qtnx-project CWE-312
5.5
2019-11-08 CVE-2008-7272 Cleartext Storage of Sensitive Information vulnerability in Getfiregpg Firegpg
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.
network
low complexity
getfiregpg CWE-312
7.5
2019-11-05 CVE-2019-8118 Cleartext Storage of Sensitive Information vulnerability in Magento
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
network
low complexity
magento CWE-312
5.3