Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-25175 | Insufficiently Protected Credentials vulnerability in Gehealthcare products GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | 9.8 |
| 2020-12-11 | CVE-2020-28219 | Insufficiently Protected Credentials vulnerability in Schneider-Electric products A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | 7.8 |
| 2020-11-29 | CVE-2020-29380 | Insufficiently Protected Credentials vulnerability in Vsolcn products An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. | 5.9 |
| 2020-11-24 | CVE-2020-29054 | Insufficiently Protected Credentials vulnerability in Cdatatec products An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. | 9.8 |
| 2020-11-24 | CVE-2020-28330 | Insufficiently Protected Credentials vulnerability in Barco Wepresent Wipg-1600W Firmware 2.5.1.8 Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. | 6.5 |
| 2020-11-23 | CVE-2020-24227 | Insufficiently Protected Credentials vulnerability in Playgroundsessions Playground Sessions 2.5.582 Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. | 7.5 |
| 2020-11-18 | CVE-2020-26079 | Insufficiently Protected Credentials vulnerability in Cisco IOT Field Network Director A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. | 4.9 |
| 2020-11-17 | CVE-2020-27557 | Insufficiently Protected Credentials vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. | 5.5 |
| 2020-11-17 | CVE-2020-27554 | Insufficiently Protected Credentials vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | 7.5 |
| 2020-11-16 | CVE-2020-26508 | Insufficiently Protected Credentials vulnerability in Canon OCE Colorwave 3500 Firmware 5.1.1.0 The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | 9.8 |