Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-12 | CVE-2021-20410 | Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. | 5.3 |
| 2021-02-12 | CVE-2021-27187 | Insufficiently Protected Credentials vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | 7.5 |
| 2021-02-08 | CVE-2020-14391 | Insufficiently Protected Credentials vulnerability in Gnome Control Center A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. | 5.5 |
| 2021-02-05 | CVE-2020-10554 | Insufficiently Protected Credentials vulnerability in Psyprax An issue was discovered in Psyprax beforee 3.2.2. | 7.5 |
| 2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 7.5 |
| 2021-01-19 | CVE-2020-27258 | Insufficiently Protected Credentials vulnerability in Sooil Anydana-A, Anydana-I and Dana Diabecare RS Firmware In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | 6.5 |
| 2021-01-19 | CVE-2020-27270 | Insufficiently Protected Credentials vulnerability in Sooil products SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). | 5.7 |
| 2021-01-15 | CVE-2021-0220 | Insufficiently Protected Credentials vulnerability in Juniper Junos Space The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. | 6.8 |
| 2021-01-15 | CVE-2021-0212 | Insufficiently Protected Credentials vulnerability in Juniper Contrail Networking An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. | 5.0 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |