Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-01-26 CVE-2017-1000387 Insufficiently Protected Credentials vulnerability in Jenkins Build-Publisher
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory.
local
low complexity
jenkins CWE-522
7.8
2017-12-20 CVE-2017-16731 Insufficiently Protected Credentials vulnerability in Hitachienergy Ellipse 8.3.0/8.9.0
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select).
low complexity
hitachienergy CWE-522
8.8
2017-12-19 CVE-2017-17106 Insufficiently Protected Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request.
network
low complexity
zivif CWE-522
critical
9.8
2017-12-16 CVE-2017-3192 Insufficiently Protected Credentials vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials.
network
low complexity
d-link CWE-522
critical
9.8
2017-11-17 CVE-2017-14111 Insufficiently Protected Credentials vulnerability in Philips Intellispace Cardiovascular and Xcelera
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
network
low complexity
philips CWE-522
7.2
2017-11-15 CVE-2017-15272 Insufficiently Protected Credentials vulnerability in Psftp Psftpd 10.0.4
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat.
local
low complexity
psftp CWE-522
5.3
2017-11-13 CVE-2017-14711 Insufficiently Protected Credentials vulnerability in Kickbase Bundesliga Manager
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication.
network
high complexity
kickbase CWE-522
8.1
2017-11-01 CVE-2017-15918 Insufficiently Protected Credentials vulnerability in Ignitum Sera 1.2
Sera 1.2 stores the user's login password in plain text in their home directory.
local
low complexity
ignitum CWE-522
7.8
2017-11-01 CVE-2017-1000245 Insufficiently Protected Credentials vulnerability in Jenkins SSH
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol.
network
low complexity
jenkins CWE-522
critical
9.8
2017-10-17 CVE-2017-3760 Insufficiently Protected Credentials vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data.
network
high complexity
lenovo CWE-522
8.1