Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-03 | CVE-2022-45859 | Insufficiently Protected Credentials vulnerability in Fortinet Fortinac and Fortinac-F An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | 4.4 |
| 2023-04-28 | CVE-2023-25495 | Insufficiently Protected Credentials vulnerability in Lenovo products A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. | 4.9 |
| 2023-04-27 | CVE-2023-2335 | Insufficiently Protected Credentials vulnerability in 42Gears Surelock Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | 7.5 |
| 2023-04-27 | CVE-2023-1778 | Insufficiently Protected Credentials vulnerability in Gajshield Data Security Firewall Firmware This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | 9.8 |
| 2023-04-26 | CVE-2023-26567 | Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7 Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. | 8.1 |
| 2023-04-25 | CVE-2023-28084 | Insufficiently Protected Credentials vulnerability in multiple products HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | 5.5 |
| 2023-04-25 | CVE-2023-28088 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose SAN switch administrative credentials | 7.8 |
| 2023-04-25 | CVE-2023-28089 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | 7.1 |
| 2023-04-25 | CVE-2023-28090 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose SNMPv3 read credentials | 5.5 |
| 2023-04-24 | CVE-2023-28131 | Insufficiently Protected Credentials vulnerability in Expo Software Development KIT 45.0.0/46.0.0/47.0.0 A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. | 9.6 |