Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-10-11 CVE-2017-5700 Insufficiently Protected Credentials vulnerability in Intel products
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
local
low complexity
intel CWE-522
8.4
2017-10-05 CVE-2017-13998 Insufficiently Protected Credentials vulnerability in Loytec Lvis-3Me Firmware 6.1.1
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.
network
high complexity
loytec CWE-522
7.5
2017-10-05 CVE-2017-1378 Insufficiently Protected Credentials vulnerability in IBM Tivoli Storage Manager
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user.
local
low complexity
ibm CWE-522
7.8
2017-10-05 CVE-2017-1201 Insufficiently Protected Credentials vulnerability in IBM Bigfix Security Compliance Analytics 1.9.79
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2017-09-25 CVE-2017-1362 Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0
IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8
2017-09-13 CVE-2017-14418 Insufficiently Protected Credentials vulnerability in Dlink Dir-850L Firmware
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV.
network
high complexity
dlink CWE-522
8.1
2017-09-07 CVE-2017-13771 Insufficiently Protected Credentials vulnerability in Lexmark Scan to Network 3.2.9
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
network
low complexity
lexmark CWE-522
critical
9.8
2017-08-01 CVE-2017-4923 Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.5
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability.
network
low complexity
vmware CWE-522
critical
9.8
2017-07-20 CVE-2017-6532 Insufficiently Protected Credentials vulnerability in Televes Coaxdata Gateway 1Gbps Firmware 1.02.00144.20
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
network
low complexity
televes CWE-522
critical
9.8
2017-07-17 CVE-2017-11349 Insufficiently Protected Credentials vulnerability in Datataker Dt8X Firmware 1.72.007
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.
network
low complexity
datataker CWE-522
critical
9.8