Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-12 | CVE-2017-9557 | Insufficiently Protected Credentials vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | 7.5 |
2017-06-05 | CVE-2017-8837 | Insufficiently Protected Credentials vulnerability in Peplink products Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 9.8 |
2017-05-29 | CVE-2017-7913 | Insufficiently Protected Credentials vulnerability in Moxa products A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 9.8 |
2017-05-06 | CVE-2017-7925 | Insufficiently Protected Credentials vulnerability in Dahuasecurity products A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 9.8 |
2017-04-30 | CVE-2017-8371 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 6.8 |
2017-04-27 | CVE-2017-8296 | Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0 kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. | 7.5 |
2017-04-25 | CVE-2017-8225 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. | 9.8 |
2017-04-25 | CVE-2017-8222 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | 7.5 |
2017-03-09 | CVE-2017-6528 | Insufficiently Protected Credentials vulnerability in Dnatools Dnalims 42015S13 An issue was discovered in dnaTools dnaLIMS 4-2015s13. | 8.1 |
2017-02-13 | CVE-2017-5140 | Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 9.8 |