Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2021-27491 Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process. 0.0
2021-07-30 CVE-2021-27495 Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint. 0.0
2021-07-22 CVE-2021-34700 Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system.
local
low complexity
cisco CWE-522
4.9
2021-07-19 CVE-2020-5315 Insufficiently Protected Credentials vulnerability in Dell EMC Repository Manager
Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability.
local
low complexity
dell CWE-522
2.1
2021-07-19 CVE-2021-35965 Insufficiently Protected Credentials vulnerability in Learningdigital Orca HCM
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.
network
low complexity
learningdigital CWE-522
critical
10.0
2021-07-15 CVE-2021-32770 Insufficiently Protected Credentials vulnerability in Gatsbyjs Gatsby-Source-Wordpress
Gatsby is a framework for building websites.
network
low complexity
gatsbyjs CWE-522
5.0
2021-07-15 CVE-2020-12732 Insufficiently Protected Credentials vulnerability in Depstech Wifi Digital Microscope 3 Firmware
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.
low complexity
depstech CWE-522
3.3
2021-07-15 CVE-2020-12734 Insufficiently Protected Credentials vulnerability in Depstech Wifi Digital Microscope 3 Firmware
DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings.
low complexity
depstech CWE-522
4.8
2021-07-15 CVE-2021-20439 Insufficiently Protected Credentials vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
network
low complexity
ibm CWE-522
5.0
2021-07-14 CVE-2021-22778 Insufficiently Protected Credentials vulnerability in Schneider-Electric products
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
local
low complexity
schneider-electric CWE-522
3.6