Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-23 | CVE-2012-6663 | Insufficiently Protected Credentials vulnerability in GE D200 Firmware and D20Me Firmware | General Electric D20ME devices are not properly configured and reveal plaintext passwords. | 7.5 |
2020-01-23 | CVE-2019-19898 | Insufficiently Protected Credentials vulnerability in Ixpdata Easyinstall 6.2.13723 | In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely. | 7.5 |
2020-01-22 | CVE-2019-19843 | Insufficiently Protected Credentials vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache. | 9.8 |
2020-01-19 | CVE-2020-7233 | Insufficiently Protected Credentials vulnerability in Kmccontrols Bac-A1616Bc Firmware | KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | 9.8 |
2020-01-18 | CVE-2019-19696 | Insufficiently Protected Credentials vulnerability in Trendmicro Password Manager | A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. | 5.5 |
2020-01-16 | CVE-2019-12423 | Insufficiently Protected Credentials vulnerability in multiple products | Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. | 7.5 |
2020-01-15 | CVE-2020-2095 | Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation | Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-01-13 | CVE-2014-6039 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Eventlog Analyzer | ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. | 7.5 |
2020-01-13 | CVE-2014-5381 | Insufficiently Protected Credentials vulnerability in Granding Grand Ma300 Firmware 6.60 | Grand MA 300 allows a brute-force attack on the PIN. | 9.8 |
2020-01-10 | CVE-2012-3823 | Insufficiently Protected Credentials vulnerability in Arialsoftware Campaign Enterprise | Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | 7.5 |