Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-29253 | Insufficiently Protected Credentials vulnerability in RSA Archer The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. | 5.5 |
| 2021-05-24 | CVE-2021-20389 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. | 7.8 |
| 2021-05-21 | CVE-2020-12061 | Insufficiently Protected Credentials vulnerability in Nitrokey Fido U2F Firmware An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. | 9.8 |
| 2021-05-20 | CVE-2020-24396 | Insufficiently Protected Credentials vulnerability in Hom.Ee Brain Cube Core 2.28.2/2.28.4 homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. | 7.5 |
| 2021-05-17 | CVE-2021-29043 | Insufficiently Protected Credentials vulnerability in Liferay DXP 7.0 The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing. | 5.9 |
| 2021-05-13 | CVE-2021-20997 | Insufficiently Protected Credentials vulnerability in Wago products In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 |
| 2021-05-06 | CVE-2021-27941 | Insufficiently Protected Credentials vulnerability in Coolkit Ewelink Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. | 4.6 |
| 2021-04-28 | CVE-2020-21994 | Insufficiently Protected Credentials vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | 9.8 |
| 2021-04-28 | CVE-2021-30169 | Insufficiently Protected Credentials vulnerability in Meritlilin products The sensitive information of webcam device is not properly protected. | 7.5 |
| 2021-04-13 | CVE-2021-29262 | Insufficiently Protected Credentials vulnerability in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. | 7.5 |