Vulnerabilities > Cleartext Storage of Sensitive Information
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-11 | CVE-2009-1603 | Cleartext Storage of Sensitive Information vulnerability in multiple products src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | 7.5 |
2009-03-19 | CVE-2009-0964 | Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. | 7.5 |
2009-02-17 | CVE-2008-6157 | Cleartext Storage of Sensitive Information vulnerability in Sepcity Classified ADS SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | 7.5 |
2008-03-31 | CVE-2008-1567 | Cleartext Storage of Sensitive Information vulnerability in multiple products phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | 5.5 |
2008-01-29 | CVE-2008-0174 | Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | 9.8 |
2007-11-01 | CVE-2007-5778 | Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | 7.5 |
2005-07-11 | CVE-2005-2209 | Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 |
2005-07-06 | CVE-2005-2160 | Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006 IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-05-26 | CVE-2005-1828 | Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | 7.5 |
2004-12-31 | CVE-2004-2397 | Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | 7.5 |