Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-32988 | Insufficiently Protected Credentials vulnerability in Jenkins Azure VM Agents A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2023-05-12 | CVE-2022-47880 | Insufficiently Protected Credentials vulnerability in Jedox and Jedox Cloud An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | 5.3 |
| 2023-05-10 | CVE-2022-40685 | Insufficiently Protected Credentials vulnerability in Intel Data Center Manager Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 |
| 2023-05-09 | CVE-2023-20046 | Insufficiently Protected Credentials vulnerability in Cisco Staros A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. | 8.8 |
| 2023-05-08 | CVE-2023-24506 | Insufficiently Protected Credentials vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5 Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | 7.5 |
| 2023-05-03 | CVE-2022-45859 | Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | 4.4 |
| 2023-04-28 | CVE-2023-25495 | Insufficiently Protected Credentials vulnerability in Lenovo products A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. | 4.9 |
| 2023-04-27 | CVE-2023-2335 | Insufficiently Protected Credentials vulnerability in 42Gears Surelock Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | 7.5 |
| 2023-04-27 | CVE-2023-1778 | Insufficiently Protected Credentials vulnerability in Gajshield Data Security Firewall Firmware This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | 9.8 |
| 2023-04-26 | CVE-2023-26567 | Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7 Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. | 8.1 |