Vulnerabilities > Credentials Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-02 | CVE-2014-1835 | Credentials Management vulnerability in Echor Project Echor 0.1.6 The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | 2.1 |
| 2018-01-30 | CVE-2016-6599 | Credentials Management vulnerability in BMC Track-It! 11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. | 7.5 |
| 2018-01-10 | CVE-2014-5002 | Credentials Management vulnerability in Lynx Project Lynx The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | 2.1 |
| 2018-01-05 | CVE-2014-8335 | Credentials Management vulnerability in Wp-Dbmanager Project Wp-Dbmanager (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | 2.1 |
| 2017-12-11 | CVE-2016-6904 | Credentials Management vulnerability in Netapp Vasa Provider Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. | 4.3 |
| 2017-11-07 | CVE-2016-0872 | Credentials Management vulnerability in Kabona Webdatorcentral A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. | 5.0 |
| 2017-10-24 | CVE-2013-3734 | Credentials Management vulnerability in Redhat Jboss Application Server 1.2 The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. | 6.6 |
| 2017-10-17 | CVE-2014-8357 | Credentials Management vulnerability in Dasanzhone Znid 2426A Firmware backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | 4.0 |
| 2017-10-13 | CVE-2016-6815 | Credentials Management vulnerability in Apache Ranger In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | 4.0 |
| 2017-09-30 | CVE-2016-10512 | Credentials Management vulnerability in Multitech Faxfinder MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. | 10.0 |