Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-01 | CVE-2014-8938 | Insufficiently Protected Credentials vulnerability in Piwigo Lexiglot 20141110 Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 2.1 |
2020-05-28 | CVE-2020-4232 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. | 5.0 |
2020-05-18 | CVE-2020-13154 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1 Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | 4.0 |
2020-05-14 | CVE-2019-13023 | Insufficiently Protected Credentials vulnerability in Jetstream Jetselect An issue was discovered in all versions of Bond JetSelect. | 4.0 |
2020-05-14 | CVE-2019-13022 | Insufficiently Protected Credentials vulnerability in Jetstream Jetselect Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). | 10.0 |
2020-05-14 | CVE-2019-13021 | Insufficiently Protected Credentials vulnerability in Jetstream Jetselect The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. | 4.0 |
2020-05-11 | CVE-2020-12752 | Insufficiently Protected Credentials vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. | 5.0 |
2020-05-07 | CVE-2014-1423 | Insufficiently Protected Credentials vulnerability in multiple products signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. | 4.3 |
2020-05-07 | CVE-2020-10972 | Insufficiently Protected Credentials vulnerability in Wavlink products An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. | 5.0 |
2020-05-07 | CVE-2019-18868 | Insufficiently Protected Credentials vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | 5.0 |