Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-20489 | Insufficiently Protected Credentials vulnerability in Cisco IOS XR A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. | 5.5 |
| 2024-09-10 | CVE-2024-44815 | Insufficiently Protected Credentials vulnerability in Hathway Skyworth Cm5100-511 Firmware 4.1.1.24 Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | 4.6 |
| 2024-09-05 | CVE-2024-39278 | Insufficiently Protected Credentials vulnerability in Echostar Fusion Credentials to access device configuration information stored unencrypted in flash memory. | 4.6 |
| 2024-08-15 | CVE-2024-40704 | Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. | 4.9 |
| 2024-08-15 | CVE-2024-7813 | Insufficiently Protected Credentials vulnerability in Prison Management System Project Prison Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. | 7.5 |
| 2024-08-14 | CVE-2024-39818 | Insufficiently Protected Credentials vulnerability in Zoom products Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | 6.5 |
| 2024-08-12 | CVE-2024-36460 | Insufficiently Protected Credentials vulnerability in Zabbix The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | 8.1 |
| 2024-08-05 | CVE-2024-6118 | Insufficiently Protected Credentials vulnerability in Hamastar Meetinghub Paperless Meetings 2021 A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | 9.1 |
| 2024-07-31 | CVE-2024-3082 | Insufficiently Protected Credentials vulnerability in Proges Sensor NET Connect Firmware V2 2.24 A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | 4.6 |
| 2024-07-01 | CVE-2024-39878 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | 5.3 |