Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-08 | CVE-2019-3780 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. | 8.8 |
| 2019-02-15 | CVE-2019-4059 | Insufficiently Protected Credentials vulnerability in IBM Rational Clearcase IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. | 9.8 |
| 2019-02-13 | CVE-2019-3782 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. | 7.8 |
| 2019-02-12 | CVE-2019-6549 | Insufficiently Protected Credentials vulnerability in Kunbus Pr100088 Modbus Gateway Firmware 1.0.10232/1.1.13166 An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | 7.2 |
| 2019-02-12 | CVE-2018-20781 | Insufficiently Protected Credentials vulnerability in multiple products In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. | 7.8 |
| 2019-02-08 | CVE-2019-6242 | Insufficiently Protected Credentials vulnerability in Kentico 10.0.42 Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. | 7.2 |
| 2019-02-04 | CVE-2019-1000001 | Insufficiently Protected Credentials vulnerability in Teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. | 9.8 |
| 2019-02-01 | CVE-2019-7300 | Insufficiently Protected Credentials vulnerability in Articatech Artica Proxy 3.06.200056 Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | 7.2 |
| 2019-01-10 | CVE-2018-15456 | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. | 4.9 |
| 2019-01-10 | CVE-2018-0474 | Insufficiently Protected Credentials vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. | 8.8 |