Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-05-06 CVE-2017-7925 Insufficiently Protected Credentials vulnerability in Dahuasecurity products
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices.
network
low complexity
dahuasecurity CWE-522
5.0
5.0
2017-04-30 CVE-2017-8371 Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
schneider-electric CWE-522
4.0
4.0
2017-04-27 CVE-2017-8296 Insufficiently Protected Credentials vulnerability in KED Password Manager Project KED Password Manager 0.5/1.0
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext.
network
low complexity
ked-password-manager-project CWE-522
5.0
5.0
2017-04-25 CVE-2017-8225 Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked.
network
low complexity
wificam CWE-522
7.5
7.5
2017-04-25 CVE-2017-8222 Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
network
low complexity
wificam CWE-522
5.0
5.0
2017-03-09 CVE-2017-6528 Insufficiently Protected Credentials vulnerability in Dnatools Dnalims 42015S13
An issue was discovered in dnaTools dnaLIMS 4-2015s13.
network
dnatools CWE-522
4.3
4.3
2017-02-13 CVE-2017-5140 Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-522
5.0
5.0
2017-02-13 CVE-2017-5139 Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-522
5.0
5.0
2017-02-13 CVE-2016-9360 Insufficiently Protected Credentials vulnerability in GE Cimplicity
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions.
local
ge CWE-522
4.4
4.4
2017-02-08 CVE-2015-5013 Insufficiently Protected Credentials vulnerability in IBM products
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
local
low complexity
ibm CWE-522
2.1
2.1