Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-08 | CVE-2019-3780 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. | 6.5 |
2019-02-15 | CVE-2019-4059 | Insufficiently Protected Credentials vulnerability in IBM Rational Clearcase IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. | 9.8 |
2019-02-13 | CVE-2019-3782 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. | 2.1 |
2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. | 2.1 |
2019-02-08 | CVE-2019-6242 | Insufficiently Protected Credentials vulnerability in Kentico 10.0.42 Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. | 7.2 |
2019-02-04 | CVE-2019-1000001 | Insufficiently Protected Credentials vulnerability in Teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. | 5.0 |
2019-02-01 | CVE-2019-7300 | Insufficiently Protected Credentials vulnerability in Articatech Artica Proxy 3.06.200056 Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 9.0 |
2019-01-10 | CVE-2018-15456 | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. | 4.0 |
2019-01-10 | CVE-2018-0474 | Insufficiently Protected Credentials vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. | 4.0 |
2019-01-09 | CVE-2018-1000425 | Insufficiently Protected Credentials vulnerability in Sonarsource Sonarqube Scanner An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | 2.1 |