Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2023-25532 | Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. | 7.5 |
2023-09-14 | CVE-2023-41010 | Insufficiently Protected Credentials vulnerability in Tianyisc Tewa-700G Firmware Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. | 5.5 |
2023-09-05 | CVE-2023-32338 | Insufficiently Protected Credentials vulnerability in IBM products IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. | 5.5 |
2023-08-29 | CVE-2023-3251 | Insufficiently Protected Credentials vulnerability in Tenable Nessus A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0. | 4.9 |
2023-08-22 | CVE-2022-45611 | Insufficiently Protected Credentials vulnerability in Fresenius-Kabi Pharmahelp Firmware 5.1.759.0 An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | 9.8 |
2023-08-18 | CVE-2023-40173 | Insufficiently Protected Credentials vulnerability in Fobybus Social-Media-Skeleton Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. | 7.5 |
2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
2023-08-16 | CVE-2023-40345 | Insufficiently Protected Credentials vulnerability in Jenkins Delphix Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. | 6.5 |
2023-08-16 | CVE-2023-40347 | Insufficiently Protected Credentials vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus) Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 6.5 |
2023-08-14 | CVE-2023-20965 | Insufficiently Protected Credentials vulnerability in Google Android 13.0 In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. | 9.8 |