Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2016-05-31 CVE-2016-0876 Cleartext Storage of Sensitive Information vulnerability in Moxa Edr-G903 Firmware
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
network
low complexity
moxa CWE-312
5.0
2015-08-03 CVE-2015-5537 Cleartext Storage of Sensitive Information vulnerability in Siemens products
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
network
siemens CWE-312
4.3
2009-07-01 CVE-2009-2272 Cleartext Storage of Sensitive Information vulnerability in Huawei D100 Firmware
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
network
low complexity
huawei CWE-312
7.5
2009-06-08 CVE-2008-6828 Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
local
low complexity
symantec CWE-312
7.8
2009-05-14 CVE-2009-1466 Cleartext Storage of Sensitive Information vulnerability in Klinzmann Application Access Server 2.0.48
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
local
low complexity
klinzmann CWE-312
5.5
2009-05-13 CVE-2009-0152 Cleartext Storage of Sensitive Information vulnerability in Apple mac OS X and mac OS X Server
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
apple CWE-312
7.5
2009-05-11 CVE-2009-1603 Cleartext Storage of Sensitive Information vulnerability in multiple products
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
network
low complexity
opensc-project fedoraproject CWE-312
7.5
2009-03-19 CVE-2009-0964 Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges.
network
low complexity
xlinesoft CWE-312
7.5
2009-02-17 CVE-2008-6157 Cleartext Storage of Sensitive Information vulnerability in Sepcity Classified ADS
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
network
low complexity
sepcity CWE-312
7.5
2008-03-31 CVE-2008-1567 Cleartext Storage of Sensitive Information vulnerability in multiple products
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
5.5