Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2021-28499 | Insufficiently Protected Credentials vulnerability in Arista Metamako Operating System In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. | 5.5 |
| 2021-09-02 | CVE-2021-34733 | Insufficiently Protected Credentials vulnerability in Cisco products A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. | 5.5 |
| 2021-09-01 | CVE-2021-39373 | Insufficiently Protected Credentials vulnerability in Samsung Drive Manager 2.0.104 Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. | 7.8 |
| 2021-08-31 | CVE-2021-21681 | Insufficiently Protected Credentials vulnerability in Jenkins Nomad Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 |
| 2021-08-31 | CVE-2021-34560 | Insufficiently Protected Credentials vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. | 5.5 |
| 2021-08-24 | CVE-2021-30948 | Insufficiently Protected Credentials vulnerability in Apple Iphone OS An inconsistent user interface issue was addressed with improved state management. | 4.6 |
| 2021-08-23 | CVE-2021-39289 | Insufficiently Protected Credentials vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0 Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | 7.5 |
| 2021-08-20 | CVE-2021-35529 | Insufficiently Protected Credentials vulnerability in Hitachienergy products Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. | 7.2 |
| 2021-08-07 | CVE-2021-38165 | Insufficiently Protected Credentials vulnerability in multiple products Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | 5.3 |
| 2021-08-06 | CVE-2021-20597 | Insufficiently Protected Credentials vulnerability in Mitsubishielectric products Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password. | 9.1 |