Vulnerabilities > Credentials Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-20 | CVE-2008-1394 | Credentials Management vulnerability in Plone CMS: Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network. | 7.5 |
2008-03-20 | CVE-2008-1393 | Credentials Management vulnerability in Plone CMS: Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. | 10.0 |
2008-03-10 | CVE-2008-1218 | Credentials Management vulnerability in Dovecot: Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | 6.8 |
2008-03-06 | CVE-2008-1184 | Credentials Management vulnerability in Dnssec-Tools: The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | 5.0 |
2008-02-12 | CVE-2008-0724 | Credentials Management vulnerability in the Everything Development Company the Everything Development Engine: The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. | 5.0 |
2008-02-06 | CVE-2008-0604 | Credentials Management vulnerability in Xlight FTP Server Xlight FTP Server: The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | 6.8 |
2008-02-05 | CVE-2007-6340 | Credentials Management vulnerability in Moernaut Lsrunase and Supercrypt: Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | 2.1 |
2008-01-23 | CVE-2008-0440 | Credentials Management vulnerability in Alstrasoft Forum PAY PER Post Exchange 2.0: AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | 5.0 |
2008-01-23 | CVE-2008-0029 | Credentials Management vulnerability in Cisco Application Velocity System 5.0.1: Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | 10.0 |
2008-01-04 | CVE-2007-6661 | Credentials Management vulnerability in 2Z Project 2Z Project 0.9.6.1: 2z project 0.9.6.1 allows attackers to change the password without supplying the old password. | 6.4 |