Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-04-12 CVE-2020-15942 Insufficiently Protected Credentials vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
network
low complexity
fortinet CWE-522
6.5
2021-04-08 CVE-2021-22115 Insufficiently Protected Credentials vulnerability in Cloudfoundry Capi-Release
Cloud Controller API versions prior to 1.106.0 log service broker credentials if the default value of the db logging config field is changed.
network
low complexity
cloudfoundry CWE-522
6.5
2021-04-02 CVE-2020-11925 Insufficiently Protected Credentials vulnerability in Luvion Grand Elite 3 Connect Firmware 20200225
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25.
low complexity
luvion CWE-522
8.8
2021-03-30 CVE-2021-21634 Insufficiently Protected Credentials vulnerability in Jenkins Jabber (Xmpp) Notifier and Control
Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2021-03-26 CVE-2021-29255 Insufficiently Protected Credentials vulnerability in Microseven Mym71080I-B Firmware
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007.
high complexity
microseven CWE-522
7.5
2021-03-25 CVE-2021-27372 Insufficiently Protected Credentials vulnerability in Realtek Xpon Rtl9601D Software Development KIT 1.9
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext, which may allow attackers to gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands.
network
low complexity
realtek CWE-522
critical
9.8
2021-03-24 CVE-2021-1392 Insufficiently Protected Credentials vulnerability in Cisco IOS and IOS XE
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
local
low complexity
cisco CWE-522
7.8
2021-03-18 CVE-2021-3141 Insufficiently Protected Credentials vulnerability in Unisys Stealth 6.0
In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
local
low complexity
unisys CWE-522
7.8
2021-03-16 CVE-2021-3344 Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform
A privilege escalation flaw was found in OpenShift builder.
network
low complexity
redhat CWE-522
8.8
2021-03-03 CVE-2021-27935 Insufficiently Protected Credentials vulnerability in Adguard Home
An issue was discovered in AdGuard before 0.105.2.
network
low complexity
adguard CWE-522
7.5