Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-1000425 Insufficiently Protected Credentials vulnerability in Sonarsource Sonarqube Scanner
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube.
local
low complexity
sonarsource CWE-522
7.8
7.8
2019-01-09 CVE-2018-1000424 Insufficiently Protected Credentials vulnerability in Jfrog Artifactory
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
local
low complexity
jfrog CWE-522
7.8
7.8
2019-01-09 CVE-2018-1000423 Insufficiently Protected Credentials vulnerability in Atlassian Crowd2
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
local
low complexity
atlassian CWE-522
7.8
7.8
2018-12-28 CVE-2018-1000627 Insufficiently Protected Credentials vulnerability in Battelle V2I HUB 2.5.1
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file.
network
low complexity
battelle CWE-522
critical
 9.8
9.8
2018-12-26 CVE-2018-11742 Insufficiently Protected Credentials vulnerability in NEC Univerge Sv9100 Webpro Firmware 6.00.00
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
network
low complexity
nec CWE-522
critical
 9.8
9.8
2018-12-25 CVE-2018-20445 Insufficiently Protected Credentials vulnerability in Dlink Dcm-604 Firmware and Dcm-704 Firmware
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.
network
low complexity
dlink CWE-522
critical
 9.8
9.8
2018-12-25 CVE-2018-20444 Insufficiently Protected Credentials vulnerability in Technicolor Cga0111 Firmware Cga0111Ees13E23Ec8000R57121702170829Tru
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
network
low complexity
technicolor CWE-522
critical
 9.8
9.8
2018-12-25 CVE-2018-20443 Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.D1I Firmware Tc7200.D1Ien23Ec7000R5712170406Hat
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
network
low complexity
technicolor CWE-522
critical
 9.8
9.8
2018-12-25 CVE-2018-20442 Insufficiently Protected Credentials vulnerability in Technicolor Tc7110.B Firmware Stc8.62.02
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
network
low complexity
technicolor CWE-522
critical
 9.8
9.8
2018-12-25 CVE-2018-20441 Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.Th2V2 Firmware Sc05.00.22
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
network
low complexity
technicolor CWE-522
critical
 9.8
9.8