CWE-257
High likelihood
Storing Passwords in a Recoverable Format
Storing passwords in a recoverable format makes them subject to password reuse attacks by malicious users. Recoverable encrypted passwords provide no significant benefit over plaintext passwords, since they are subject to reuse not only by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
64 vulnerabilities with CWE-257
CVE-2021-35050 | MEDIUM | CVSS 6.5 | Fidelis Network & Deception <9.3.3 - Info Disclosure
CVE-2021-27485 | HIGH | CVSS 7.5 | ZOLL Defibrillator Dashboard <2.2 - Info Disclosure
CVE-2021-0220 | MEDIUM | CVSS 6.8 | Junos Space - Info Disclosure
CVE-2020-8296 | MEDIUM | CVSS 6.7 | Nextcloud Server <20.0.0 - Info Disclosure
CVE-2019-18256 | MEDIUM | CVSS 4.6 | BIOTRONIK CardioMessenger II - Info Disclosure
CVE-2019-19096 | MEDIUM | CVSS 6.1 | ABB eSOMS <6.0.2 - Info Disclosure
CVE-2019-3736 | HIGH | CVSS 7.2 | Dell EMC Integrated Data Protection Appliance <2.3 - Privilege Esca...
CVE-2019-1010241 | MEDIUM | CVSS 6.5 | Jenkins Credentials Binding Plugin 1.17 - Info Disclosure
CVE-2019-6567 | MEDIUM | CVSS 5.5 | SCALANCE - Info Disclosure
CVE-2019-5615 | MEDIUM | CVSS 6.5 | Rapid7 InsightVM <6.5.49 - Info Disclosure
CVE-2018-10622 | MEDIUM | CVSS 4.9 | Medtronic MyCareLink Patient Monitor - Info Disclosure
CVE-2018-5446 | MEDIUM | CVSS 4.9 | Medtronic 2090 CareLink Programmer - Info Disclosure
CVE-2017-9942 | HIGH | CVSS 7.8 | Siemens SiPass <V2.70 - Info Disclosure
CVE-2016-15058 | HIGH | CVSS 8.1 | Hirschmann HiLCOS Classic Platform Password Exposure via SNMP
Details
Vulnerabilities: 64
Exploit Likelihood: High