Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-50125 | Insufficiently Protected Credentials vulnerability in Hozard Alarm System 1.0 A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | 5.9 |
| 2024-01-10 | CVE-2023-29447 | Insufficiently Protected Credentials vulnerability in PTC products An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | 5.3 |
| 2024-01-01 | CVE-2023-6421 | Insufficiently Protected Credentials vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. | 7.5 |
| 2023-12-25 | CVE-2022-39820 | Insufficiently Protected Credentials vulnerability in Nokia Network Functions Manager for Transport 19.9 In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. | 6.5 |
| 2023-12-18 | CVE-2023-47741 | Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. | 5.3 |
| 2023-12-13 | CVE-2023-6791 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | 4.9 |
| 2023-12-13 | CVE-2023-50770 | Insufficiently Protected Credentials vulnerability in Jenkins Openid Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | 6.7 |
| 2023-12-13 | CVE-2023-47577 | Insufficiently Protected Credentials vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. | 9.8 |
| 2023-12-12 | CVE-2018-16153 | Insufficiently Protected Credentials vulnerability in Apereo Opencast An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. | 7.5 |
| 2023-12-09 | CVE-2023-47722 | Insufficiently Protected Credentials vulnerability in IBM API Connect 10.0.5.3/10.0.6.0 IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. | 5.5 |