Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
| 2023-08-16 | CVE-2023-40345 | Insufficiently Protected Credentials vulnerability in Jenkins Delphix Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-08-16 | CVE-2023-40347 | Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus) Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-08-14 | CVE-2023-20965 | Insufficiently Protected Credentials vulnerability in Google Android 13.0 In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. | 9.8 |
| 2023-08-03 | CVE-2023-36082 | Insufficiently Protected Credentials vulnerability in Gatesair Flexiva FAX 150W Firmware An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | 9.8 |
| 2023-07-13 | CVE-2023-34128 | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
| 2023-07-12 | CVE-2023-36266 | Insufficiently Protected Credentials vulnerability in Keepersecurity Keeper and Keeperfill An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. | 5.5 |
| 2023-07-12 | CVE-2023-37951 | Insufficiently Protected Credentials vulnerability in Jenkins Mabl Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
| 2023-06-29 | CVE-2023-36476 | Insufficiently Protected Credentials vulnerability in Nixos Calamares-Nixos-Extensions calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. | 5.5 |
| 2023-06-27 | CVE-2020-18406 | Insufficiently Protected Credentials vulnerability in Cmseasy 7.0 An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | 7.5 |