Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-12 | CVE-2021-43332 | Insufficiently Protected Credentials vulnerability in multiple products. In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. | 6.5 |
2021-11-11 | CVE-2021-43397 | Insufficiently Protected Credentials vulnerability in Liquidfiles. LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | 8.8 |
2021-11-02 | CVE-2021-41023 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem. An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclose the agent password due to plaintext credential storage in log files. | 5.5 |
2021-10-22 | CVE-2020-23036 | Insufficiently Protected Credentials vulnerability in Medianavi Smacom 1.2. MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. | 5.9 |
2021-10-21 | CVE-2021-28496 | Insufficiently Protected Credentials vulnerability in Arista EOS. On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by Bidirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. | 6.5 |
2021-10-06 | CVE-2021-41125 | Insufficiently Protected Credentials vulnerability in multiple products. Scrapy is a high-level web crawling and scraping framework for Python. | 6.5 |
2021-10-06 | CVE-2021-36170 | Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager. An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | 3.2 |
2021-10-06 | CVE-2021-36178 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisdnconnector. An insufficiently protected credentials vulnerability in Fortinet FortiSDNConnector version 1.1.7 and below allows an attacker to disclose third-party devices' credential information via configuration page lookup. | 6.5 |
2021-10-01 | CVE-2021-36309 | Insufficiently Protected Credentials vulnerability in Dell Enterprise Sonic OS. Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. | 6.5 |
2021-09-29 | CVE-2021-39342 | Insufficiently Protected Credentials vulnerability in Credova Financial. The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. | 7.5 |