Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2020-27839 | Insufficiently Protected Credentials vulnerability in Redhat Ceph A flaw was found in ceph-dashboard. | 5.4 |
| 2021-05-26 | CVE-2019-25030 | Insufficiently Protected Credentials vulnerability in Versa-Networks products In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. | 5.5 |
| 2021-05-26 | CVE-2021-29253 | Insufficiently Protected Credentials vulnerability in RSA Archer The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. | 5.5 |
| 2021-05-24 | CVE-2021-20389 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. | 7.8 |
| 2021-05-21 | CVE-2020-12061 | Insufficiently Protected Credentials vulnerability in Nitrokey Fido U2F Firmware An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. | 9.8 |
| 2021-05-20 | CVE-2020-24396 | Insufficiently Protected Credentials vulnerability in Hom.Ee Brain Cube Core 2.28.2/2.28.4 homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. | 7.5 |
| 2021-05-17 | CVE-2021-29043 | Insufficiently Protected Credentials vulnerability in Liferay DXP 7.0 The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing. | 5.9 |
| 2021-05-13 | CVE-2021-20997 | Insufficiently Protected Credentials vulnerability in Wago products In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 |
| 2021-05-06 | CVE-2021-27941 | Insufficiently Protected Credentials vulnerability in Coolkit Ewelink Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. | 4.6 |
| 2021-04-28 | CVE-2020-21994 | Insufficiently Protected Credentials vulnerability in AVE products AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | 9.8 |