Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-36178 Insufficiently Protected Credentials vulnerability in Fortinet Fortisdnconnector
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup.
network
low complexity
fortinet CWE-522
6.5
6.5
2021-10-01 CVE-2021-36309 Insufficiently Protected Credentials vulnerability in Dell Enterprise Sonic OS
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability.
network
low complexity
dell CWE-522
6.5
6.5
2021-09-30 CVE-2021-41297 Insufficiently Protected Credentials vulnerability in Ecoa products
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
network
low complexity
ecoa CWE-522
8.8
8.8
2021-09-30 CVE-2021-41300 Insufficiently Protected Credentials vulnerability in Ecoa products
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.
network
low complexity
ecoa CWE-522
critical
 9.8
9.8
2021-09-29 CVE-2021-39342 Insufficiently Protected Credentials vulnerability in Credova Financial
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled.
network
low complexity
credova CWE-522
7.5
7.5
2021-09-23 CVE-2021-20434 Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
4.4
4.4
2021-09-23 CVE-2021-38863 Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user.
local
low complexity
ibm CWE-522
5.5
5.5
2021-09-23 CVE-2021-1589 Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials.
network
low complexity
cisco CWE-522
6.5
6.5
2021-09-20 CVE-2021-29811 Insufficiently Protected Credentials vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user.
network
low complexity
ibm CWE-522
4.9
4.9
2021-09-09 CVE-2021-28498 Insufficiently Protected Credentials vulnerability in Arista Metamako Operating System
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems.
local
low complexity
arista CWE-522
7.8
7.8