Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-22681 | Insufficiently Protected Credentials vulnerability in Rockwellautomation products Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | 9.8 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
| 2021-02-23 | CVE-2021-3252 | Insufficiently Protected Credentials vulnerability in Kaco-Newenergy Xp100U Firmware Xpjava2.0 KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. | 7.5 |
| 2021-02-18 | CVE-2021-20445 | Insufficiently Protected Credentials vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. | 6.5 |
| 2021-02-18 | CVE-2020-9306 | Insufficiently Protected Credentials vulnerability in Tesla Solarcity Solar Monitoring Gateway 5.46.43 Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | 8.8 |
| 2021-02-12 | CVE-2021-20410 | Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. | 5.3 |
| 2021-02-12 | CVE-2021-27187 | Insufficiently Protected Credentials vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | 7.5 |
| 2021-02-05 | CVE-2020-10554 | Insufficiently Protected Credentials vulnerability in Psyprax An issue was discovered in Psyprax beforee 3.2.2. | 7.5 |
| 2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 7.5 |
| 2021-01-19 | CVE-2020-27258 | Insufficiently Protected Credentials vulnerability in Sooil Anydana-A, Anydana-I and Dana Diabecare RS Firmware In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | 6.5 |