Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-8183 | Insufficiently Protected Credentials vulnerability in Nextcloud Server A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | 7.5 |
| 2020-10-27 | CVE-2020-27888 | Insufficiently Protected Credentials vulnerability in UI products An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. | 7.5 |
| 2020-10-26 | CVE-2020-7196 | Insufficiently Protected Credentials vulnerability in HP Bluedata Epic and Ezmeral Container Platform The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. | 6.5 |
| 2020-10-16 | CVE-2020-1669 | Insufficiently Protected Credentials vulnerability in Juniper Junos 19.4/20.1 The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. | 6.3 |
| 2020-10-16 | CVE-2020-15157 | Insufficiently Protected Credentials vulnerability in multiple products In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. | 6.1 |
| 2020-10-14 | CVE-2020-3483 | Insufficiently Protected Credentials vulnerability in Cisco DUO Network Gateway 1.3.3/1.5.7 Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. | 6.3 |
| 2020-10-13 | CVE-2018-20243 | Insufficiently Protected Credentials vulnerability in Apache Fineract The implementation of POST with the username and password in the URL parameters exposed the credentials. | 7.5 |
| 2020-10-08 | CVE-2020-13344 | Insufficiently Protected Credentials vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 4.4 |
| 2020-10-08 | CVE-2020-2291 | Insufficiently Protected Credentials vulnerability in Jenkins Couchdb-Statistics Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 3.3 |
| 2020-10-08 | CVE-2020-2297 | Insufficiently Protected Credentials vulnerability in Jenkins SMS Notification 1.0.1/1.1/1.2 Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 3.3 |