Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-06-12 CVE-2017-9557 Insufficiently Protected Credentials vulnerability in Echatserver Easy Chat Server
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
network
low complexity
echatserver CWE-522
7.5
2017-06-05 CVE-2017-8837 Insufficiently Protected Credentials vulnerability in Peplink products
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network
low complexity
peplink CWE-522
critical
9.8
2017-05-29 CVE-2017-7913 Insufficiently Protected Credentials vulnerability in Moxa products
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.
network
low complexity
moxa CWE-522
critical
9.8
2017-05-06 CVE-2017-7925 Insufficiently Protected Credentials vulnerability in Dahuasecurity products
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices.
network
low complexity
dahuasecurity CWE-522
critical
9.8
2017-04-30 CVE-2017-8371 Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
schneider-electric CWE-522
6.8
2017-04-27 CVE-2017-8296 Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext.
network
low complexity
ked-password-manager-project CWE-522
7.5
2017-04-25 CVE-2017-8225 Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked.
network
low complexity
wificam CWE-522
critical
9.8
2017-04-25 CVE-2017-8222 Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
network
low complexity
wificam CWE-522
7.5
2017-03-09 CVE-2017-6528 Insufficiently Protected Credentials vulnerability in Dnatools Dnalims 42015S13
An issue was discovered in dnaTools dnaLIMS 4-2015s13.
network
high complexity
dnatools CWE-522
8.1
2017-02-13 CVE-2017-5140 Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-522
critical
9.8