Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-08 | CVE-2019-12171 | Insufficiently Protected Credentials vulnerability in Dropbox 71.4.108.0 Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. | 7.8 |
| 2019-07-08 | CVE-2019-13400 | Insufficiently Protected Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. | 9.8 |
| 2019-07-03 | CVE-2019-9873 | Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. | 9.8 |
| 2019-07-03 | CVE-2019-9872 | Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. | 8.1 |
| 2019-07-03 | CVE-2019-9823 | Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. | 9.8 |
| 2019-07-03 | CVE-2019-12847 | Insufficiently Protected Credentials vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. | 7.2 |
| 2019-07-02 | CVE-2019-13179 | Insufficiently Protected Credentials vulnerability in Calamares Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. | 7.5 |
| 2019-07-02 | CVE-2019-7260 | Insufficiently Protected Credentials vulnerability in Nortekcontrol products Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | 9.8 |
| 2019-07-01 | CVE-2019-7271 | Insufficiently Protected Credentials vulnerability in Nortekcontrol products Nortek Linear eMerge 50P/5000P devices have Default Credentials. | 9.8 |
| 2019-06-29 | CVE-2019-13054 | Insufficiently Protected Credentials vulnerability in Logitech R500 Firmware The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. | 6.5 |