Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-07-03 CVE-2018-11634 Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
local
low complexity
dialogic CWE-522
7.8
2018-07-03 CVE-2018-7782 Insufficiently Protected Credentials vulnerability in Schneider-Electric products
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.
network
low complexity
schneider-electric CWE-522
8.8
2018-07-03 CVE-2018-11746 Insufficiently Protected Credentials vulnerability in Puppet Discovery 1.0.0/1.0.1/1.1.0
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if an HTTPS server is not available.
network
low complexity
puppet CWE-522
critical
9.8
2018-06-29 CVE-2018-13014 Insufficiently Protected Credentials vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure
Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.
local
low complexity
safensoft CWE-522
7.8
2018-06-26 CVE-2018-1000610 Insufficiently Protected Credentials vulnerability in Jenkins Configuration AS Code
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
network
low complexity
jenkins CWE-522
8.8
2018-06-26 CVE-2018-1000608 Insufficiently Protected Credentials vulnerability in Jenkins Z/Os Connector
An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g.
network
low complexity
jenkins CWE-522
7.2
2018-06-12 CVE-2018-12260 Insufficiently Protected Credentials vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8
An issue was discovered on Momentum Axel 720P 5.1.8 devices.
local
low complexity
apollotechnologiesinc CWE-522
6.7
2018-06-08 CVE-2018-4190 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple canonical CWE-522
8.8
2018-06-07 CVE-2018-0335 Insufficiently Protected Credentials vulnerability in Cisco Prime Collaboration 12.2
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data.
local
low complexity
cisco CWE-522
7.8
2018-06-06 CVE-2018-7510 Insufficiently Protected Credentials vulnerability in Beaconmedaes Scroll Medical AIR Systems Firmware
In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.
network
low complexity
beaconmedaes CWE-522
critical
9.8