Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2017-2751 | Insufficiently Protected Credentials vulnerability in HP products A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. | 4.6 |
| 2018-10-03 | CVE-2018-17969 | Insufficiently Protected Credentials vulnerability in Samsung Scx-6545X Firmware 2.00.03.01 Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | 9.8 |
| 2018-10-02 | CVE-2018-11752 | Insufficiently Protected Credentials vulnerability in Puppet Cisco IOS 0.1.0/0.2.0/0.3.0 Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. | 5.5 |
| 2018-10-02 | CVE-2018-11748 | Insufficiently Protected Credentials vulnerability in Puppet Device Manager Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. | 7.8 |
| 2018-10-02 | CVE-2018-16984 | Insufficiently Protected Credentials vulnerability in Djangoproject Django 2.1/2.1.1 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. | 4.9 |
| 2018-10-02 | CVE-2018-1498 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-09-28 | CVE-2018-17613 | Insufficiently Protected Credentials vulnerability in Telegram Desktop 1.3.16 Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | 9.8 |
| 2018-09-18 | CVE-2018-16669 | Insufficiently Protected Credentials vulnerability in Circontrol Open Charge Point Protocol 1.0.0 An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. | 9.8 |
| 2018-09-14 | CVE-2018-10814 | Insufficiently Protected Credentials vulnerability in Synametrics Synaman 4.0 Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | 7.8 |
| 2018-09-13 | CVE-2018-16987 | Insufficiently Protected Credentials vulnerability in Squashtest Squash TM Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | 7.2 |