Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2020-01-19 CVE-2020-7233 Insufficiently Protected Credentials vulnerability in Kmccontrols Bac-A1616Bc Firmware
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.
network
low complexity
kmccontrols CWE-522
critical
9.8
2020-01-18 CVE-2019-19696 Insufficiently Protected Credentials vulnerability in Trendmicro Password Manager
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.
local
low complexity
trendmicro CWE-522
5.5
2020-01-16 CVE-2019-12423 Insufficiently Protected Credentials vulnerability in multiple products
Apache CXF ships with an OpenID Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.
network
low complexity
apache oracle CWE-522
7.5
2020-01-15 CVE-2020-2095 Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
4.3
2020-01-13 CVE-2014-6039 Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer
ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a Credentials Disclosure Vulnerability.
network
low complexity
zohocorp CWE-522
7.5
2020-01-13 CVE-2014-5381 Insufficiently Protected Credentials vulnerability in Granding Grand Ma300 Firmware 6.60
Grand MA 300 allows a brute-force attack on the PIN.
network
low complexity
granding CWE-522
critical
9.8
2020-01-10 CVE-2012-3823 Insufficiently Protected Credentials vulnerability in Arialsoftware Campaign Enterprise
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
network
low complexity
arialsoftware CWE-522
7.5
2020-01-10 CVE-2019-4508 Insufficiently Protected Credentials vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker.
local
low complexity
ibm CWE-522
7.8
2020-01-10 CVE-2014-5093 Insufficiently Protected Credentials vulnerability in Status2K
Status2k does not remove the install directory, allowing credential reset.
network
low complexity
status2k CWE-522
critical
9.8
2020-01-07 CVE-2019-6700 Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.
network
low complexity
fortinet CWE-522
6.5