Vulnerabilities > Credentials Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2015-8945 | Credentials Management vulnerability in Openshift Origin openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | 5.1 |
| 2016-08-03 | CVE-2016-5670 | Credentials Management vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. | 9.8 |
| 2016-07-15 | CVE-2016-0330 | Credentials Management vulnerability in IBM Security Identity Manager Adapter IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. | 7.3 |
| 2016-07-11 | CVE-2016-3749 | Credentials Management vulnerability in Google Android 6.0/6.0.1 server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930. | 8.4 |
| 2016-06-29 | CVE-2016-5838 | Credentials Management vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | 7.5 |
| 2016-06-10 | CVE-2016-4527 | Credentials Management vulnerability in ABB Pcm600 2.6 ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | 3.3 |
| 2016-04-26 | CVE-2016-1601 | Credentials Management vulnerability in Suse Yast2 yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2016-04-25 | CVE-2016-2331 | Credentials Management vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | 9.8 |
| 2016-04-22 | CVE-2016-2203 | Credentials Management vulnerability in Symantec Messaging Gateway 10.6.0 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | 7.8 |
| 2016-04-06 | CVE-2015-7921 | Credentials Management vulnerability in Schneider-Electric products The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | 9.1 |