Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-04-26 CVE-2018-1074 Insufficiently Protected Credentials vulnerability in multiple products
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators.
network
low complexity
ovirt redhat CWE-522
7.2
7.2
2018-04-24 CVE-2017-9654 Insufficiently Protected Credentials vulnerability in Philips Dosewise 1.1.7.333/2.1.1.3069
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files.
network
low complexity
philips CWE-522
8.8
8.8
2018-04-23 CVE-2017-1764 Insufficiently Protected Credentials vulnerability in IBM Cognos Business Intelligence
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user.
local
high complexity
ibm CWE-522
7.0
7.0
2018-04-22 CVE-2018-10286 Insufficiently Protected Credentials vulnerability in Ericssonlg Ipecs NMS A.1Ac
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests.
network
low complexity
ericssonlg CWE-522
8.8
8.8
2018-04-11 CVE-2018-10024 Insufficiently Protected Credentials vulnerability in Ubiquoss Vp5208A Firmware
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs.
network
low complexity
ubiquoss CWE-522
critical
 9.8
9.8
2018-04-03 CVE-2018-4170 Insufficiently Protected Credentials vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-522
7.8
7.8
2018-03-31 CVE-2018-9160 Insufficiently Protected Credentials vulnerability in Sickrage
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
network
low complexity
sickrage CWE-522
critical
 9.8
9.8
2018-03-30 CVE-2018-5708 Insufficiently Protected Credentials vulnerability in Dlink Dir-601 Firmware 2.02Na
An issue was discovered on D-Link DIR-601 B1 2.02NA devices.
low complexity
dlink CWE-522
8.0
8.0
2018-03-29 CVE-2018-9031 Insufficiently Protected Credentials vulnerability in Tnlsoftsolutions Sentry Vision 3.0/3.1/3.2
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code.
network
low complexity
tnlsoftsolutions CWE-522
critical
 9.8
9.8
2018-03-28 CVE-2017-11510 Insufficiently Protected Credentials vulnerability in Wanscam Hw0021 Firmware 11.6.5.1.120161213
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.
network
low complexity
wanscam CWE-522
critical
 9.8
9.8