Vulnerabilities > Credentials Management

DATE CVE VULNERABILITY TITLE RISK
2006-08-10 CVE-2006-4068 Credentials Management vulnerability in pswd.js
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks.
network
low complexity
pswd-js CWE-255
5.0
2006-07-31 CVE-2006-2481 Credentials Management vulnerability in VMware ESX
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base64-encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
network
low complexity
vmware CWE-255
5.0
2006-03-06 CVE-2006-1002 Credentials Management vulnerability in Netgear WGT624
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration.
network
low complexity
netgear CWE-255
critical
10.0
2005-12-31 CVE-2005-4862 Credentials Management vulnerability in XWiki 0.9.793
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
network
low complexity
xwiki CWE-255
5.0
2004-12-31 CVE-2004-2723 Credentials Management vulnerability in Nessus NessusWX 1.4.4
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
local
low complexity
nessus CWE-255
2.1
2004-12-31 CVE-2004-2708 Credentials Management vulnerability in Phrozensmoke Gyach Enhanced
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
network
low complexity
phrozensmoke CWE-255
5.0
2004-12-31 CVE-2004-2696 Credentials Management vulnerability in BEA WebLogic Server
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
network
low complexity
bea CWE-255
5.5
2004-12-31 CVE-2004-2532 Credentials Management vulnerability in Solarwinds Serv-U File Server
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
network
low complexity
solarwinds CWE-255
critical
10.0
2004-08-04 CVE-2004-1366 Credentials Management vulnerability in Oracle products
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
local
low complexity
oracle CWE-255
4.6
2003-12-31 CVE-2003-1482 Credentials Management vulnerability in Microsoft MN-500 Wireless Base Station
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
local
low complexity
microsoft CWE-255
4.6