Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-21869 Insufficiently Protected Credentials vulnerability in Rapidscada Rapid Scada
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places.
local
low complexity
rapidscada CWE-522
5.5
2024-01-25 CVE-2024-22432 Insufficiently Protected Credentials vulnerability in Dell Networker
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups.
local
low complexity
dell CWE-522
6.5
2024-01-16 CVE-2023-49106 Insufficiently Protected Credentials vulnerability in Hitachi Device Manager
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.
network
low complexity
hitachi CWE-522
7.5
2024-01-11 CVE-2023-50125 Insufficiently Protected Credentials vulnerability in Hozard Alarm System 1.0
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.
network
high complexity
hozard CWE-522
5.9
2024-01-10 CVE-2023-29447 Insufficiently Protected Credentials vulnerability in PTC products
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
high complexity
ptc CWE-522
5.3
2024-01-01 CVE-2023-6421 Insufficiently Protected Credentials vulnerability in Wpdownloadmanager Wordpress Download Manager
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
network
low complexity
wpdownloadmanager CWE-522
7.5
2023-12-25 CVE-2022-39820 Insufficiently Protected Credentials vulnerability in Nokia Network Functions Manager for Transport 19.9
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml.
network
low complexity
nokia CWE-522
6.5
2023-12-18 CVE-2023-47741 Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected.
low complexity
ibm CWE-522
5.3
2023-12-13 CVE-2023-6791 Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
network
low complexity
paloaltonetworks CWE-522
4.9
2023-12-13 CVE-2023-50770 Insufficiently Protected Credentials vulnerability in Jenkins Openid
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
local
low complexity
jenkins CWE-522
6.7