Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-257

CWE-257

High likelihood

Storing Passwords in a Recoverable Format

Parent: CWE-522 - Insufficiently Protected Credentials

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

64 vulnerabilities with CWE-257

CVE-2026-1836 MEDIUM

Stored credentials in Redmine

CVE-2026-22576 MEDIUM

FortiSOAR PaaS <7.6.4 - Info Disclosure

CVE-2026-22574 MEDIUM

FortiSOAR PaaS <7.6.4 - Info Disclosure

CVE-2026-22614 MEDIUM

Eaton EasySoft < 8.41 - Insecure Password Storage via Weak Encryption

CVE-2026-30785 MEDIUM

rustdesk < 1.4.5 - Prototype Pollution and Insufficient Password Hash Effort

CVE-2026-20128 HIGH KEV

Cisco Catalyst SD-WAN Manager - Privilege Escalation

CVE-2025-8095 CRITICAL

Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

CVE-2025-57796 MEDIUM

Explorance Blue <8.14.12 - Info Disclosure

CVE-2025-14295 HIGH

Automated Logic WebCTRL <9.0, Carrier i-Vu <9.0 - Info Disclosure

CVE-2025-8307 MEDIUM

Asseco InfoMedica Plus 4.0.0-4.50.0 and 5.0.0-5.37.9 - Password Storage in Recoverable Format

CVE-2025-34180 HIGH

NetSupport Manager <14.12.0001 - Info Disclosure

CVE-2025-40774 MEDIUM

SiPass integrated < V3.0 - Info Disclosure

CVE-2025-35054 MEDIUM

Newforma Info Exchange - Privilege Escalation

CVE-2025-0280 HIGH

HCL Compass <= 2.2.7 - Unauthorized Database Access via Recoverable Password Storage

CVE-2025-58049 MEDIUM

XWiki Platform <16.4.8-17.4.0-rc-1 - Info Disclosure

CVE-2025-57789 MEDIUM

Default Credential - Privilege Escalation

CVE-2025-8904 HIGH

Amazon EMR <7.5 - Privilege Escalation

CVE-2025-44958 MEDIUM

RUCKUS Network Director <4.5 - Info Disclosure

CVE-2025-6996 HIGH

Ivanti Endpoint Manager <2024 SU3, 2022 SU8 SU1 - Info Disclosure

CVE-2025-6995 HIGH

Ivanti Endpoint Manager <2024 SU3, 2022 SU8 SU1 - Info Disclosure

CVE-2025-27459 MEDIUM

Endress MEAC300-FNADE4 Firmware - Storing Passwords in a Recoverable Format via DES Encryption

CVE-2025-25983 LOW

Macro-video Technologies Co.,Ltd V380 Pro <2.1.64 - Info Disclosure

CVE-2025-24852 MEDIUM

CHOCO TEI WATCHER mini - Info Disclosure

CVE-2024-51552 MEDIUM

ABB ASPECT-Enterprise NEXUS Series and MATRIX Series <= 3.* - Weak Password Storage

CVE-2024-32122 LOW

Fortinet FortiOS <7.4.8 - Info Disclosure

Page 1 of 3 Next

Details

Vulnerabilities 64

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy