Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-31136 | Insufficiently Protected Credentials vulnerability in Vapor Postgresnio PostgresNIO is a Swift client for PostgreSQL. | 5.9 |
| 2023-05-09 | CVE-2023-28764 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. | 5.9 |
| 2023-05-08 | CVE-2023-24506 | Insufficiently Protected Credentials vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5 Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | 7.5 |
| 2023-05-03 | CVE-2022-45859 | Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | 4.4 |
| 2023-04-28 | CVE-2023-25495 | Insufficiently Protected Credentials vulnerability in Lenovo products A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. | 4.9 |
| 2023-04-27 | CVE-2023-2335 | Insufficiently Protected Credentials vulnerability in 42Gears Surelock Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | 7.5 |
| 2023-04-27 | CVE-2023-1778 | Insufficiently Protected Credentials vulnerability in Gajshield Data Security Firewall Firmware This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | 9.8 |
| 2023-04-26 | CVE-2023-30846 | Insufficiently Protected Credentials vulnerability in Microsoft Typed-Rest-Client typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. | 7.5 |
| 2023-04-26 | CVE-2023-26567 | Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7 Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. | 8.1 |
| 2023-04-25 | CVE-2023-28084 | Insufficiently Protected Credentials vulnerability in multiple products HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | 5.5 |