Filtered by CWE-522
Total 1109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10727 3 Apache, Netapp, Redhat 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker 2024-11-21 5.5 Medium
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
CVE-2020-10710 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 4.4 Medium
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
CVE-2020-10609 1 Grundfos 1 Cim 500 2024-11-21 7.5 High
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.
CVE-2020-10554 1 Psyprax 1 Psyprax 2024-11-21 7.5 High
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
CVE-2020-10287 1 Abb 4 Irb140, Irb140 Firmware, Irc5 and 1 more 2024-11-21 9.8 Critical
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).
CVE-2020-0540 1 Intel 1 Active Management Technology Firmware 2024-11-21 7.5 High
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2019-9873 1 Jetbrains 1 Intellij Idea 2024-11-21 N/A
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2019-9872 1 Jetbrains 1 Intellij Idea 2024-11-21 N/A
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2019-9868 1 Veritas 1 Netbackup Appliance 2024-11-21 N/A
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
CVE-2019-9867 1 Veritas 1 Netbackup Appliance 2024-11-21 N/A
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
CVE-2019-9823 1 Jetbrains 1 Intellij Idea 2024-11-21 N/A
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.
CVE-2019-9657 1 Alarm 2 Adc-v522ir, Adc-v522ir Firmware 2024-11-21 N/A
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device.
CVE-2019-9533 1 Cobham 2 Explorer 710, Explorer 710 Firmware 2024-11-21 9.8 Critical
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CVE-2019-9104 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-11-21 7.5 High
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.
CVE-2019-8932 1 Rdbrck 1 Shift 2024-11-21 N/A
Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.
CVE-2019-8350 1 Simple 1 Better Banking 2024-11-21 N/A
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.
CVE-2019-7300 1 Articatech 1 Artica Proxy 2024-11-21 N/A
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.
CVE-2019-7271 1 Nortekcontrol 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more 2024-11-21 N/A
Nortek Linear eMerge 50P/5000P devices have Default Credentials.
CVE-2019-7260 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-11-21 N/A
Linear eMerge E3-Series devices have Cleartext Credentials in a Database.
CVE-2019-6700 1 Fortinet 1 Fortisiem 2024-11-21 6.5 Medium
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.