Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2008-01-29 CVE-2008-0174 Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal 2.6
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
network
low complexity
ge CWE-312
critical
9.8
2007-11-01 CVE-2007-5778 Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
network
low complexity
flexispy CWE-312
7.5
2005-07-11 CVE-2005-2209 Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
local
low complexity
capturix CWE-312
5.5
2005-07-06 CVE-2005-2160 Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
network
low complexity
ipswitch CWE-312
7.5
2005-05-26 CVE-2005-1828 Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
network
low complexity
dlink CWE-312
7.5
2004-12-31 CVE-2004-2397 Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
network
low complexity
broadcom CWE-312
7.5
2002-12-31 CVE-2002-1800 Cleartext Storage of Sensitive Information vulnerability in PHPrank 1.8
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
network
low complexity
phprank CWE-312
7.5
2002-12-31 CVE-2002-1696 Cleartext Storage of Sensitive Information vulnerability in PGP Personal Privacy 7.0/7.0.3/7.0.4
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
local
low complexity
pgp CWE-312
5.5
2001-12-31 CVE-2001-1537 Cleartext Storage of Sensitive Information vulnerability in Symfony Twig
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
network
low complexity
symfony CWE-312
7.5
2001-12-31 CVE-2001-1536 Cleartext Storage of Sensitive Information vulnerability in Audiogalaxy
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
network
low complexity
audiogalaxy CWE-312
7.5