Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2019-15655 Insufficiently Protected Credentials vulnerability in Dlink Dsl-2875Al Firmware 1.00.05
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server.
network
low complexity
dlink CWE-522
7.5
2020-03-19 CVE-2019-15653 Insufficiently Protected Credentials vulnerability in Comba Ap2600-I - A02 - 0202N00Pd2 Firmware
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism.
network
low complexity
comba CWE-522
7.5
2020-03-18 CVE-2020-9324 Insufficiently Protected Credentials vulnerability in Aquaforest Tiff Server 4.0
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
network
low complexity
aquaforest CWE-522
7.5
2020-03-13 CVE-2019-13394 Insufficiently Protected Credentials vulnerability in Netgear Cg3700B Firmware 2.02.03
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.
network
low complexity
netgear CWE-522
critical
9.8
2020-03-12 CVE-2019-5648 Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials.
network
low complexity
barracuda CWE-522
6.5
2020-03-11 CVE-2019-9104 Insufficiently Protected Credentials vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-522
7.5
2020-03-10 CVE-2019-10705 Insufficiently Protected Credentials vulnerability in Westerndigital products
On Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.
network
low complexity
westerndigital CWE-522
7.5
2020-03-10 CVE-2019-11686 Insufficiently Protected Credentials vulnerability in Westerndigital products
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.
local
low complexity
westerndigital CWE-522
5.5
2020-03-10 CVE-2019-10706 Insufficiently Protected Credentials vulnerability in Westerndigital products
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest.
local
high complexity
westerndigital CWE-522
6.3
2020-03-09 CVE-2020-2145 Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
local
low complexity
jenkins CWE-522
5.5