An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later .
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller.