Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace. The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected. This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode. Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.
HCL Launch may store certain data for recurring activities in a plain text format.
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key Trusted keys unseal the key blob on load, but keep the sealed payload in the blob field so that every subsequent read (export) will simply convert this field to hex and send it to userspace. With DCP-based trusted keys, we decrypt the blob encryption key (BEK) in the Kernel due hardware limitations and then decrypt the blob payload. BEK decryption is done in-place which means that the trusted key blob field is modified and it consequently holds the BEK in plain text. Every subsequent read of that key thus send the plain text BEK instead of the encrypted BEK to userspace. This issue only occurs when importing a trusted DCP-based key and then exporting it again. This should rarely happen as the common use cases are to either create a new trusted key and export it, or import a key blob and then just use it without exporting it again. Fix this by performing BEK decryption and encryption in a dedicated buffer. Further always wipe the plain text BEK buffer to prevent leaking the key via uninitialized memory.
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.