Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-31 | CVE-2019-10329 | Insufficiently Protected Credentials vulnerability in Eficode Influxdb Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
| 2019-05-29 | CVE-2019-12452 | Insufficiently Protected Credentials vulnerability in Traefik types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. | 3.5 |
| 2019-05-29 | CVE-2019-4138 | Insufficiently Protected Credentials vulnerability in IBM Spectrum Control IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2019-05-22 | CVE-2019-5627 | Insufficiently Protected Credentials vulnerability in Bluecats BC Reveal The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. | 2.1 |
| 2019-05-22 | CVE-2019-5626 | Insufficiently Protected Credentials vulnerability in Bluecats Reveal 3.0.18 The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. | 2.1 |
| 2019-05-22 | CVE-2019-5625 | Insufficiently Protected Credentials vulnerability in Eaton Halo Home 1.9.0 The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. | 3.6 |
| 2019-05-22 | CVE-2019-12046 | Insufficiently Protected Credentials vulnerability in multiple products LemonLDAP::NG -2.0.3 has Incorrect Access Control. | 7.5 |
| 2019-05-17 | CVE-2019-10139 | Insufficiently Protected Credentials vulnerability in Ovirt Cockpit-Ovirt During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. | 7.8 |
| 2019-05-17 | CVE-2019-0120 | Insufficiently Protected Credentials vulnerability in Intel products Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | 2.1 |
| 2019-05-16 | CVE-2019-0881 | Insufficiently Protected Credentials vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |