Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000404 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codebuild
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java and CodeBuilder.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
7.8
2018-07-09 CVE-2018-1000403 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codedeploy
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
7.8
2018-07-09 CVE-2018-1000401 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codepipeline
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
7.8
2018-07-06 CVE-2017-2665 Insufficiently Protected Credentials vulnerability in multiple products
The skyring-setup command creates a random password for the mongodb skyring database, but it writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but can be read by a local user.
local
high complexity
mongodb redhat CWE-522
7.0
2018-07-03 CVE-2018-11639 Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.
network
high complexity
dialogic CWE-522
8.1
2018-07-03 CVE-2018-11634 Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
local
low complexity
dialogic CWE-522
7.8
2018-07-03 CVE-2018-7782 Insufficiently Protected Credentials vulnerability in Schneider-Electric products
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.
network
low complexity
schneider-electric CWE-522
8.8
2018-07-03 CVE-2018-11746 Insufficiently Protected Credentials vulnerability in Puppet Discovery 1.0.0/1.0.1/1.1.0
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if an HTTPS server is not available.
network
low complexity
puppet CWE-522
critical
9.8
2018-06-29 CVE-2018-13014 Insufficiently Protected Credentials vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure
Storing a password in a recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows a local attacker to recover the SysWatch password from the settings database and modify program settings.
local
low complexity
safensoft CWE-522
7.8
2018-06-26 CVE-2018-1000610 Insufficiently Protected Credentials vulnerability in Jenkins Configuration AS Code
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
network
low complexity
jenkins CWE-522
8.8