Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-27 | CVE-2017-7524 | Insufficiently Protected Credentials vulnerability in Tpm2-Tools Project Tpm2.0-Tools 1.1.0 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | 7.5 |
| 2017-06-20 | CVE-2017-3214 | Insufficiently Protected Credentials vulnerability in Milwaukeetool One-Key The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | 7.5 |
| 2017-06-13 | CVE-2017-6694 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. | 5.5 |
| 2017-06-12 | CVE-2017-9557 | Insufficiently Protected Credentials vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | 7.5 |
| 2017-06-05 | CVE-2017-8837 | Insufficiently Protected Credentials vulnerability in Peplink products Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 9.8 |
| 2017-05-29 | CVE-2017-7913 | Insufficiently Protected Credentials vulnerability in Moxa products A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 9.8 |
| 2017-05-06 | CVE-2017-7925 | Insufficiently Protected Credentials vulnerability in Dahuasecurity products A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 9.8 |
| 2017-04-30 | CVE-2017-8371 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 6.8 |
| 2017-04-27 | CVE-2017-8296 | Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0 kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. | 7.5 |
| 2017-04-25 | CVE-2017-8225 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. | 9.8 |