Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-13771 | Insufficiently Protected Credentials vulnerability in Lexmark Scan TO Network 3.2.9 Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | 5.0 |
| 2017-07-20 | CVE-2017-6532 | Insufficiently Protected Credentials vulnerability in Televes Coaxdata Gateway 1Gbps Firmware 1.02.00144.20 Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | 5.0 |
| 2017-07-17 | CVE-2017-11349 | Insufficiently Protected Credentials vulnerability in Datataker Dt8X Firmware 1.72.007 dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | 5.0 |
| 2017-07-10 | CVE-2017-1337 | Insufficiently Protected Credentials vulnerability in IBM Websphere MQ 9.0.1/9.0.2 IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. | 4.3 |
| 2017-07-05 | CVE-2017-1207 | Insufficiently Protected Credentials vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in multiple products Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 9.8 |
| 2017-06-30 | CVE-2017-6028 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. | 5.0 |
| 2017-06-27 | CVE-2017-7524 | Insufficiently Protected Credentials vulnerability in Tpm2-Tools Project Tpm2.0-Tools tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. | 5.0 |
| 2017-06-13 | CVE-2017-6694 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. | 2.1 |
| 2017-06-12 | CVE-2017-9557 | Insufficiently Protected Credentials vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | 5.0 |