Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-33620 | Insufficiently Protected Credentials vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215 GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | 5.9 |
| 2023-06-13 | CVE-2023-26204 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | 9.8 |
| 2023-06-07 | CVE-2023-29168 | Insufficiently Protected Credentials vulnerability in PTC Vuforia Studio The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 7.5 |
| 2023-06-06 | CVE-2023-27126 | Insufficiently Protected Credentials vulnerability in Tp-Link Tapo C200 Firmware 1.2.2 The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. | 4.6 |
| 2023-06-05 | CVE-2023-22862 | Insufficiently Protected Credentials vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2023-05-30 | CVE-2023-31187 | Insufficiently Protected Credentials vulnerability in Avaya IX Workforce Engagement 15.2.7.1195 Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | 6.5 |
| 2023-05-29 | CVE-2023-32687 | Insufficiently Protected Credentials vulnerability in Tgstation13 Tgstation-Server tgstation-server is a toolset to manage production BYOND servers. | 6.5 |
| 2023-05-25 | CVE-2023-33263 | Insufficiently Protected Credentials vulnerability in Wftpd Project Wftpd 3.25 In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. | 7.5 |
| 2023-05-25 | CVE-2023-2881 | Insufficiently Protected Credentials vulnerability in Pimcore Customer-Data-Framework Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | 4.9 |
| 2023-05-22 | CVE-2023-33264 | Insufficiently Protected Credentials vulnerability in Hazelcast In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. | 4.3 |