Vulnerabilities > Credentials Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-04 | CVE-2016-2283 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.3 |
| 2016-03-04 | CVE-2016-2282 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.3 |
| 2016-03-03 | CVE-2016-1356 | Credentials Management vulnerability in Cisco Firesight System Software 6.1.0 Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | 3.7 |
| 2016-02-27 | CVE-2015-7261 | Credentials Management vulnerability in Qnap Iartist Lite and Signage Station The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | 9.8 |
| 2016-02-13 | CVE-2016-0865 | Credentials Management vulnerability in Tollgrade Smartgrid Lighthouse Sensor Management System 4.1.0/5.0 Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | 8.8 |
| 2016-02-10 | CVE-2016-0049 | Credentials Management vulnerability in Microsoft products Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass." | 6.2 |
| 2016-02-08 | CVE-2015-3252 | Credentials Management vulnerability in Apache Cloudstack Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | 9.8 |
| 2016-02-08 | CVE-2016-2230 | Credentials Management vulnerability in Openelec OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | 9.8 |
| 2016-02-07 | CVE-2016-1307 | Credentials Management vulnerability in multiple products The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | 5.4 |
| 2016-01-26 | CVE-2016-1491 | Credentials Management vulnerability in Lenovo Shareit 2.5.1.1 The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | 8.8 |