Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-42913 | Insufficiently Protected Credentials vulnerability in Samsung Syncthru web Service The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. | 7.5 |
| 2021-12-16 | CVE-2021-3179 | Insufficiently Protected Credentials vulnerability in Gglocker Project Gglocker GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. | 5.5 |
| 2021-12-16 | CVE-2021-45097 | Insufficiently Protected Credentials vulnerability in Knime Server 4.12.5/4.13.3 KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | 5.5 |
| 2021-12-14 | CVE-2021-42023 | Insufficiently Protected Credentials vulnerability in Siemens Modelsim and Questa A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). | 6.5 |
| 2021-12-13 | CVE-2021-40857 | Insufficiently Protected Credentials vulnerability in Auerswald products Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | 8.8 |
| 2021-12-10 | CVE-2021-37187 | Insufficiently Protected Credentials vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 6.5 |
| 2021-12-09 | CVE-2021-20146 | Insufficiently Protected Credentials vulnerability in Gryphonconnect Gryphon Tower Firmware An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. | 9.8 |
| 2021-12-08 | CVE-2021-43978 | Insufficiently Protected Credentials vulnerability in Allegro 3.3.4152.0 Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | 8.1 |
| 2021-12-07 | CVE-2020-27413 | Insufficiently Protected Credentials vulnerability in Mahadiscom Mahavitaran 7.50 An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. | 4.2 |
| 2021-11-24 | CVE-2021-42306 | Insufficiently Protected Credentials vulnerability in Microsoft products An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential? on an Azure AD Application or Service Principal (which is not recommended). | 8.1 |