CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,278 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,568 researchers
1,290 results
CVE-2020-7306 5.2 MEDIUM EPSS 0.00
McAfee Data Loss Prevention - Insufficiently Protected Credentials
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
CWE-522 Aug 13, 2020
CVE-2020-17489 4.3 MEDIUM EPSS 0.00
GNOME gnome-shell <3.36.4 - Info Disclosure
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
CWE-522 Aug 11, 2020
CVE-2020-9404 7.1 HIGH EPSS 0.00
PACTware < 5.0.5.31 - Insufficiently Protected Credentials
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords.
CWE-522 Aug 11, 2020
CVE-2020-9403 5.5 MEDIUM EPSS 0.00
PACTware < 5.0.5.31 - Insufficiently Protected Credentials
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation.
CWE-522 Aug 11, 2020
CVE-2020-15661 6.5 MEDIUM EPSS 0.00
Mozilla Firefox < 28.0 - Insufficiently Protected Credentials
A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.
CWE-522 Aug 10, 2020
CVE-2020-9525 8.1 HIGH EPSS 0.01
CS2 Network P2P < 3.0.3a - Information Disclosure
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.
CWE-522 Aug 10, 2020
CVE-2020-15062 8.8 HIGH EPSS 0.00
DIGITUS DA-70254 - Privilege Escalation
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CWE-319 Aug 07, 2020
CVE-2020-15058 8.8 HIGH EPSS 0.00
Lindy 42633 - Privilege Escalation
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CWE-319 Aug 07, 2020
CVE-2020-15054 8.8 HIGH EPSS 0.00
TP-Link USB Network Server TL-PS310U <2.079.000.t0210 - Privilege E...
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CWE-319 Aug 07, 2020
CVE-2020-14334 8.8 HIGH EPSS 0.00
Red Hat Satellite - Insufficiently Protected Credentials
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cached credentials could help an attacker gain complete control of the Satellite instance.
CWE-522 Jul 31, 2020
CVE-2020-2078 6.5 MEDIUM EPSS 0.00
SICK Package Analytics < 04.1.1 - Insufficiently Protected Credentials
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
CWE-522 Jul 29, 2020
CVE-2020-14489 6.2 MEDIUM EPSS 0.00
OpenClinic GA - Insufficiently Protected Credentials
OpenClinic GA 5.09.02 and 5.89.05b store passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
CWE-522 Jul 29, 2020
CVE-2020-13915 7.5 HIGH EPSS 0.01
Ruckus Wireless Unleashed Firmware - Insufficiently Protected Creden...
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
CWE-522 Jul 28, 2020
CVE-2020-10609 7.5 HIGH EPSS 0.00
Grundfos CIM 500 v06.16.00 - Info Disclosure
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.
CWE-522 Jul 27, 2020
CVE-2020-4408 4.6 MEDIUM EPSS 0.00
IBM QRadar Advisory < 2.5.2 - Insufficiently Protected Credentials
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.
CWE-522 Jul 27, 2020
CVE-2020-4372 7.8 HIGH EPSS 0.00
IBM Verify Gateway - Insufficiently Protected Credentials
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 179009.
CWE-522 Jul 22, 2020
CVE-2020-4095 6.0 MEDIUM EPSS 0.00
HCLTech BigFix Platform - Insufficiently Protected Credentials
BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access.
CWE-522 Jul 16, 2020
CVE-2020-3180 7.8 HIGH EPSS 0.00
Cisco SD-WAN Solution Software - Unauthenticated Access
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.
CWE-522 Jul 16, 2020
CVE-2020-10287 9.8 CRITICAL EPSS 0.00
ABB Irb140 Firmware - Insufficiently Protected Credentials
The IRC5 family with UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this a well-documented functionality that helps customers set up; however, in our research, we found multiple production systems running these exact default credentials and thereby consider this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (the user should be forced to change them).
CWE-522 Jul 15, 2020
CVE-2020-2218 3.3 LOW EPSS 0.00
Jenkins HP ALM Quality Center Plugin <1.6 - Info Disclosure
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CWE-522 Jul 02, 2020