Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-04 | CVE-2017-7315 | Insufficiently Protected Credentials vulnerability in Humaxdigital Hg100R Firmware 2.0.6 An issue was discovered on Humax Digital HG100R 2.0.6 devices. | 9.8 |
| 2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in multiple products Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 9.8 |
| 2017-06-30 | CVE-2017-7905 | Insufficiently Protected Credentials vulnerability in GE products A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. | 9.8 |
| 2017-06-30 | CVE-2017-6028 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. | 9.8 |
| 2017-06-27 | CVE-2017-7524 | Insufficiently Protected Credentials vulnerability in Tpm2-Tools Project Tpm2.0-Tools 1.1.0 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | 7.5 |
| 2017-06-20 | CVE-2017-3214 | Insufficiently Protected Credentials vulnerability in Milwaukeetool One-Key The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | 7.5 |
| 2017-06-13 | CVE-2017-6694 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. | 5.5 |
| 2017-06-12 | CVE-2017-9557 | Insufficiently Protected Credentials vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | 7.5 |
| 2017-06-05 | CVE-2017-8837 | Insufficiently Protected Credentials vulnerability in Peplink products Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 9.8 |
| 2017-05-29 | CVE-2017-7913 | Insufficiently Protected Credentials vulnerability in Moxa products A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 9.8 |