The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
1,363 vulnerabilities with CWE-522
CVE-2013-4869
Cisco Unified Communications Manager < 9.1(2) - Insufficiently Protected Credentials
CVE-2012-6663
HIGH
General Electric D20ME and D200 Firmware - Insufficiently Protected Credentials
CVSS 7.5
CVE-2012-3823
HIGH
Arialsoftware Campaign Enterprise < 11.0.551 - Insufficiently Protected Credentials
CVSS 7.5
CVE-2012-5527
MEDIUM
Claws Mail vCalendar plugin - Info Disclosure
CVSS 5.5
CVE-2012-5627
Oracle MySQL 5.5.0-5.5.28 & MariaDB 5.2.0-5.2.13 - Brute Force via Insufficient Salt Rotation
CVE-2012-3268
HP/Huawei Products - Info Disclosure
CVE-2012-3025
Tridium Niagara AX Framework < 3.6 - Info Disclosure
CVE-2012-4028
Tridium Niagara AX Framework - Insufficiently Protected Credentials
CVE-2010-4178
MEDIUM
MySQL-GUI-tools - Insufficiently Protected Credentials via Process List Leak
CVSS 5.5
CVE-2007-0681
CRITICAL
ExtCalendar < 2 - Unauthenticated Password Change via register.php
CVSS 9.8
CVE-2005-3435
CRITICAL
Archilles Newsworld < 1.3.0 - Authentication Bypass via Password Hash Reuse
CVSS 9.8
CVE-2000-0944
CRITICAL
CGI Script Center News Update 1.1 - Info Disclosure
CVSS 9.8
CVE-1999-0013
HIGH
SSH - Insufficiently Protected Credentials via ssh-agent
CVSS 8.4