Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-22781 | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | 5.5 |
| 2021-07-14 | CVE-2021-35527 | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. | 7.5 |
| 2021-07-12 | CVE-2021-21590 | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
| 2021-07-12 | CVE-2021-21591 | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. | 6.7 |
| 2021-07-12 | CVE-2021-36382 | Insufficiently Protected Credentials vulnerability in Devolutions Server Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | 3.7 |
| 2021-07-09 | CVE-2021-30116 | Insufficiently Protected Credentials vulnerability in Kaseya VSA Agent and VSA Server Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | 9.8 |
| 2021-06-30 | CVE-2021-34075 | Insufficiently Protected Credentials vulnerability in Artica Pandora FMS In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | 5.9 |
| 2021-06-25 | CVE-2021-35050 | Insufficiently Protected Credentials vulnerability in Fidelissecurity Deception and Network User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. | 7.5 |
| 2021-06-16 | CVE-2021-34204 | Insufficiently Protected Credentials vulnerability in Dlink Dir-2640-Us Firmware 1.01B04 D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. | 6.8 |
| 2021-06-15 | CVE-2021-28857 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 7.5 |