CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,360 vulnerabilities with CWE-522
CVE-2021-27941 MEDIUM
eWeLink <4.9.2-4.9.1 - Info Disclosure
CVSS 4.6
CVE-2021-30169 MEDIUM
Meritlilin Webcam Devices - Information Disclosure
CVSS 5.3
CVE-2021-30168 CRITICAL
Meritlilin P2R/P2G Firmware < 7.1.94.8908 - Unauthenticated Credential Exposure
CVSS 9.8
CVE-2021-30167 CRITICAL
Network Camera Device - Privilege Escalation
CVSS 9.8
CVE-2021-29262 HIGH
Apache Solr < 8.8.2 - Insufficiently Protected Credentials in ZkACLProvider
CVSS 7.5
CVE-2021-22115 MEDIUM
Cloudfoundry Capi-release - Insufficiently Protected Credentials
CVSS 6.5
CVE-2021-28171 CRITICAL
Vangene deltaFlow E-platform - Privilege Escalation
CVSS 9.8
CVE-2021-21634 MEDIUM
Jenkins Jabber (XMPP) Notifier and Control Plugin < 1.41 - Insufficiently Protected Credentials
CVSS 6.5
CVE-2021-29255 HIGH
MicroSeven MYM71080i-B Firmware 2.0.5-2.0.20 - Unauthenticated Credential Exposure via Cleartext Transmission
CVSS 7.5
CVE-2021-27372 CRITICAL
Realtek xPON RTL9601D SDK 1.9 - Privilege Escalation
CVSS 9.8
CVE-2021-1392 HIGH
Cisco IOS and IOS XE - Authenticated Password Exposure via CIP Security Command
CVSS 7.8
CVE-2021-3141 HIGH
Unisys Stealth 6.0-6.0.025.0 - Insufficiently Protected Credentials
CVSS 7.8
CVE-2021-3344 HIGH
OpenShift Builder < 2021-01-26 - Privilege Escalation via Build-Time Credential Mount
CVSS 8.8
CVE-2021-27935 HIGH
AdGuard Home < 0.105.2 - Insufficiently Protected Credentials via Password Hash in Cookie
CVSS 7.5
CVE-2021-22681 CRITICAL KEV
Rockwell Automation Studio 5000 <21 - Path Traversal
CVSS 9.8
CVE-2021-25284 MEDIUM
SaltStack Salt <3002.5 - Info Disclosure
CVSS 4.4
CVE-2021-1731 MEDIUM
Windows 10 and Windows Server 2016/2019 - Insufficiently Protected Credentials via PFX Encryption Bypass
CVSS 5.5
CVE-2021-3252 HIGH
KACO New Energy XP100U - Info Disclosure
CVSS 7.5
CVE-2021-20445 MEDIUM
IBM Maximo for Civil Infrastructure <7.6.2 - Info Disclosure
CVSS 6.5
CVE-2021-20410 MEDIUM
IBM Security Verify Information Queue <1.0.8 - Info Disclosure
CVSS 5.3
CVE-2021-27187 HIGH
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - Cleartext Password Storage
CVSS 7.5
CVE-2021-0220 MEDIUM
Juniper Junos Space < 20.3R1 - Insufficiently Protected Credentials
CVSS 6.8
CVE-2021-0212 MEDIUM
Juniper Networks Contrail Networking <1911.31 - Info Disclosure
CVSS 5.0
CVE-2021-22132 MEDIUM
Elasticsearch 7.7.0-7.10.1 - Information Disclosure via Async Search API
CVSS 4.8
CVE-2021-1126 MEDIUM
Cisco Firepower Management Center - Info Disclosure
CVSS 5.5