CWE-522

Insufficiently Protected Credentials

Parent: CWE-1390 - Weak Authentication

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

1,363 vulnerabilities with CWE-522
CVE-2015-5955
ownCloud iOS <3.4.4 - Info Disclosure
CVE-2015-3962
Schneider Electric StruxureWare Building Expert MPM <2.15 - Info Di...
CVE-2014-9702 HIGH
Cmfive <2015-03-15 - Info Disclosure
CVSS 7.5
CVE-2014-8938 HIGH
Lexiglot <2014-11-20 - Info Disclosure
CVSS 7.8
CVE-2014-1423 MEDIUM
signond < 8.57+15.04.20141127.1-0ubuntu1 - Insufficiently Protected Credentials via OAuth Token Query
CVSS 5.9
CVE-2014-4659 MEDIUM
Ansible < 1.5.5 - Insufficiently Protected Credentials via sources.list File Permissions
CVSS 5.5
CVE-2014-4660 MEDIUM
Ansible < 1.5.5 - Insufficiently Protected Credentials via sources.list deb Line Parsing
CVSS 5.5
CVE-2014-3445 CRITICAL
HandsomeWeb SOS Webpages < 1.1.12 - Unauthenticated Backup Hash Disclosure
CVSS 9.8
CVE-2014-2581 HIGH
smb4k < 1.1.1 - Insufficiently Protected Credentials via cuid Option
CVSS 7.5
CVE-2014-6039 HIGH
ManageEngine EventLog Analyzer 7-9.9 - Credentials Disclosure
CVSS 7.5
CVE-2014-5381 CRITICAL
Grand MA 300 Firmware - Insufficiently Protected Credentials via Weak PIN Verification
CVSS 9.8
CVE-2014-5093 CRITICAL
status2k - Insufficiently Protected Credentials via Unremoved Install Directory
CVSS 9.8
CVE-2014-0241 MEDIUM
rubygem-hammer_cli_foreman - Info Disclosure
CVSS 5.5
CVE-2014-4806 MEDIUM
IBM Security AppScan Enterprise <9.0.0.1 - Info Disclosure
CVSS 5.5
CVE-2014-1812 HIGH KEV
Microsoft Windows - Privilege Escalation
CVSS 8.8
CVE-2014-0755
Rockwell Automation RSLogix 5000 7-20.01 and 21.0 - Unprotected Project File Access
CVE-2013-7055 CRITICAL
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials
CVSS 9.8
CVE-2013-7052 CRITICAL
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials via cliget.cgi Script
CVSS 9.8
CVE-2013-2672 HIGH
Brother MFC-9970CDW <0D - Info Disclosure
CVSS 7.5
CVE-2013-5113 MEDIUM
LastPass < 2.5.1 - Insufficiently Protected Credentials via PIN Implementation
CVSS 6.8
CVE-2013-3620 HIGH
Supermicro SMT X9 Firmware < 3.15 and SMT X8 Firmware < 3.12 - Hardcoded Credentials in IPMI
CVSS 7.5
CVE-2013-2106 HIGH
Stanford WebAuth < 4.6.1 - Authentication Credential Disclosure
CVSS 7.5
CVE-2013-3313 HIGH
Loftek Nexus 543 IP Camera - Info Disclosure
CVSS 7.5
CVE-2013-4423 MEDIUM
Red Hat CloudForms - Insufficiently Protected Credentials
CVSS 5.5
CVE-2013-4222
OpenStack Keystone < 2013.1.3 - Insufficiently Protected Credentials