Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-02-26 CVE-2018-1377 Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
2.1
2.1
2018-02-15 CVE-2018-0828 Insufficiently Protected Credentials vulnerability in Microsoft Windows 10 and Windows Server 2016
Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".
local
low complexity
microsoft CWE-522
4.6
4.6
2018-02-12 CVE-2017-9969 Insufficiently Protected Credentials vulnerability in Schneider-Electric Igss Mobile
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior.
local
low complexity
schneider-electric CWE-522
2.1
2.1
2018-02-09 CVE-2018-1000057 Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs.
network
low complexity
jenkins CWE-522
4.0
4.0
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
4.0
4.0
2018-01-29 CVE-2017-1779 Insufficiently Protected Credentials vulnerability in multiple products
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user.
local
low complexity
ibm netapp CWE-522
2.1
2.1
2018-01-26 CVE-2017-1000387 Insufficiently Protected Credentials vulnerability in Jenkins Build-Publisher
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory.
local
low complexity
jenkins CWE-522
2.1
2.1
2017-12-20 CVE-2017-16731 Insufficiently Protected Credentials vulnerability in Hitachienergy Ellipse
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select).
low complexity
hitachienergy CWE-522
8.8
8.8
2017-12-19 CVE-2017-17106 Insufficiently Protected Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request.
network
low complexity
zivif CWE-522
critical
 10.0
10
2017-12-16 CVE-2017-3192 Insufficiently Protected Credentials vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials.
network
low complexity
d-link CWE-522
critical
 9.8
9.8