Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-02 | CVE-2018-11748 | Insufficiently Protected Credentials vulnerability in Puppet Device Manager Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. | 7.8 |
| 2018-10-02 | CVE-2018-16984 | Insufficiently Protected Credentials vulnerability in Djangoproject Django 2.1/2.1.1 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. | 4.9 |
| 2018-10-02 | CVE-2018-1498 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-09-28 | CVE-2018-17613 | Insufficiently Protected Credentials vulnerability in Telegram Desktop 1.3.16 Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | 9.8 |
| 2018-09-18 | CVE-2018-16669 | Insufficiently Protected Credentials vulnerability in Circontrol Open Charge Point Protocol 1.0.0 An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. | 9.8 |
| 2018-09-14 | CVE-2018-10814 | Insufficiently Protected Credentials vulnerability in Synametrics Synaman 4.0 Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | 7.8 |
| 2018-09-13 | CVE-2018-16987 | Insufficiently Protected Credentials vulnerability in Squashtest Squash TM Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | 7.2 |
| 2018-09-07 | CVE-2017-17691 | Insufficiently Protected Credentials vulnerability in Contronics Homeputer CL Studio FUR Homematic Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack. | 8.1 |
| 2018-09-06 | CVE-2017-16714 | Insufficiently Protected Credentials vulnerability in Iceqube Thermal Management Center Firmware 3.18 In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | 9.8 |
| 2018-08-30 | CVE-2018-13822 | Insufficiently Protected Credentials vulnerability in Broadcom Project Portfolio Management Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. | 7.5 |