Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-03-03 CVE-2023-0457 Insufficiently Protected Credentials vulnerability in Mitsubishielectric products
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
network
low complexity
mitsubishielectric CWE-522
7.5
2023-03-01 CVE-2022-37935 Insufficiently Protected Credentials vulnerability in HP Oneview for VMWare Vcenter
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password.
local
low complexity
hp CWE-522
5.5
2023-02-22 CVE-2022-45599 Insufficiently Protected Credentials vulnerability in Aztech Wmb250Ac Firmware 0162020
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password.
network
low complexity
aztech CWE-522
critical
9.8
2023-02-16 CVE-2022-47703 Insufficiently Protected Credentials vulnerability in Tianjie Cpe906-3 and Cpe906-3 Firmware
TIANJIE CPE906-3 is vulnerable to password disclosure.
network
low complexity
tianjie CWE-522
7.5
2023-02-16 CVE-2022-41614 Insufficiently Protected Credentials vulnerability in Intel on Event Series
Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-522
5.5
2023-02-16 CVE-2022-40678 Insufficiently Protected Credentials vulnerability in Fortinet Fortinac
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.
local
low complexity
fortinet CWE-522
7.8
2023-02-16 CVE-2022-43969 Insufficiently Protected Credentials vulnerability in Ricoh products
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
network
low complexity
ricoh CWE-522
critical
9.1
2023-02-15 CVE-2023-23463 Insufficiently Protected Credentials vulnerability in Sunellsecurity products
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.
network
low complexity
sunellsecurity CWE-522
7.5
2023-02-15 CVE-2023-23466 Insufficiently Protected Credentials vulnerability in Mediacp Media Control Panel 2.13.1
Media CP Media Control Panel latest version.
network
low complexity
mediacp CWE-522
7.5
2023-02-15 CVE-2023-24498 Insufficiently Protected Credentials vulnerability in Netgear Prosafe Fs726Tp Firmware
An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.
network
low complexity
netgear CWE-522
7.5