Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-5657 | Insufficiently Protected Credentials vulnerability in Born05 Two-Factor Authentication 3.3.1/3.3.2/3.3.3: The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. | 8.1 |
2024-05-14 | CVE-2023-42955 | Insufficiently Protected Credentials vulnerability in Claris Filemaker Server: Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. | 4.9 |
2024-05-08 | CVE-2024-28971 | Insufficiently Protected Credentials vulnerability in Dell Openmanage Enterprise Update Manager: Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. | 4.9 |
2024-05-07 | CVE-2024-4536 | Insufficiently Protected Credentials vulnerability in Eclipse EDC Connector: In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component (https://github.com/eclipse-edc/Connector), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component (https://github.com/eclipse-edc/Connector) regarding the OAuth2-protected data sink feature. | 5.3 |
2024-05-02 | CVE-2024-3543 | Insufficiently Protected Credentials vulnerability in Progress Loadmaster 7.2.48.11: Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily decrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system. | 7.5 |
2024-04-29 | CVE-2024-28961 | Insufficiently Protected Credentials vulnerability in Dell Openmanage Enterprise 4.0/4.0.1: Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. | 7.8 |
2024-03-18 | CVE-2022-47037 | Insufficiently Protected Credentials vulnerability in Siklu TG Firmware: Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | 7.5 |
2024-03-05 | CVE-2024-21815 | Insufficiently Protected Credentials vulnerability in Gallagher Command Centre: Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. | 6.5 |
2024-02-21 | CVE-2024-26133 | Insufficiently Protected Credentials vulnerability in Kurrent Eventstoredb: EventStoreDB (ESDB) is an operational database built to store events. | 4.9 |
2024-02-15 | CVE-2023-4538 | Insufficiently Protected Credentials vulnerability in Comarch ERP XL: The database access credentials configured during installation are stored in a special table and are encrypted with a shared key that is the same across all Comarch ERP XL client installations. | 6.5 |