Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-27 | CVE-2023-1778 | Insufficiently Protected Credentials vulnerability in Gajshield Data Security Firewall Firmware This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | 9.8 |
| 2023-04-26 | CVE-2023-26567 | Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7 Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. | 8.1 |
| 2023-04-25 | CVE-2023-28084 | Insufficiently Protected Credentials vulnerability in multiple products HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | 5.5 |
| 2023-04-25 | CVE-2023-28088 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose SAN switch administrative credentials | 7.8 |
| 2023-04-25 | CVE-2023-28089 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | 7.1 |
| 2023-04-25 | CVE-2023-28090 | Insufficiently Protected Credentials vulnerability in HP Oneview An HPE OneView appliance dump may expose SNMPv3 read credentials | 5.5 |
| 2023-04-24 | CVE-2023-28131 | Insufficiently Protected Credentials vulnerability in Expo Software Development KIT 45.0.0/46.0.0/47.0.0 A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. | 9.6 |
| 2023-04-21 | CVE-2021-33589 | Insufficiently Protected Credentials vulnerability in Ribose RNP Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | 7.5 |
| 2023-04-19 | CVE-2022-4308 | Insufficiently Protected Credentials vulnerability in Secomea Gatemanager 9.6.621421014 Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | 8.8 |
| 2023-04-19 | CVE-2023-25760 | Insufficiently Protected Credentials vulnerability in Uniguest Tripleplay 3.4.0 Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | 8.8 |