CWE-255
124 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-255page 1 of 3
- CVE-1999-0387NONECVSS 0.0EG 0.01999-11-29
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
- CVE-1999-0755NONECVSS 0.0EG 0.01999-05-27
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
- CVE-1999-0994NONECVSS 0.0EG 0.01999-12-16
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
- CVE-1999-1214NONECVSS 0.0EG 0.01997-09-15
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signa…
- CVE-2002-2290NONECVSS 0.0EG 0.02002-12-31
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
- CVE-2002-2301NONECVSS 0.0EG 0.02002-12-31
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.
- CVE-2002-2310NONECVSS 0.0EG 0.02002-12-31
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
- CVE-2002-2345NONECVSS 0.0EG 0.02002-12-31
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
- CVE-2002-2355NONECVSS 0.0EG 0.02002-12-31
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow loc…
- CVE-2002-2384NONECVSS 0.0EG 0.02002-12-31
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
- CVE-2002-2389NONECVSS 0.0EG 0.02002-12-31
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
- CVE-2002-2412NONECVSS 0.0EG 0.02002-12-31
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
- CVE-2003-1376NONECVSS 0.0EG 0.02003-12-31
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
- CVE-2003-1394NONECVSS 0.0EG 0.02003-12-31
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a…
- CVE-2003-1401NONECVSS 0.0EG 0.02003-12-31
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
- CVE-2003-1417NONECVSS 0.0EG 0.02003-12-31
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
- CVE-2003-1424NONECVSS 0.0EG 0.02003-12-31
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
- CVE-2003-1439NONECVSS 0.0EG 0.02003-12-31
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
- CVE-2003-1482NONECVSS 0.0EG 0.02003-12-31
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
- CVE-2003-1483NONECVSS 0.0EG 0.02003-12-31
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
- CVE-2003-1605HIGHCVSS 7.5EG 7.52018-08-23
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
- CVE-2004-1366NONECVSS 0.0EG 0.02004-08-04
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
- CVE-2004-2532NONECVSS 0.0EG 0.02004-12-31
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, …
- CVE-2004-2696NONECVSS 0.0EG 0.02004-12-31
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, w…
- CVE-2004-2708NONECVSS 0.0EG 0.02004-12-31
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
- CVE-2004-2722NONECVSS 0.0EG 0.02004-12-31
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue
- CVE-2004-2723NONECVSS 0.0EG 0.02004-12-31
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
- CVE-2008-7320MEDIUMCVSS 6.8EG 6.82018-11-18
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because …
- CVE-2010-5305CRITICALCVSS 9.8EG 9.82019-03-26
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration clie…
- CVE-2012-0814MEDIUMCVSS 6.5EG 6.52012-01-27
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by read…
- CVE-2013-2951HIGHCVSS 7.8EG 7.82018-07-11
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 8…
- CVE-2013-5461HIGHCVSS 8.8EG 8.82018-04-27
IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-F…
- CVE-2014-0872MEDIUMCVSS 4.1EG 4.12018-04-25
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
- CVE-2014-1835HIGHCVSS 7.8EG 7.82018-02-02
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
- CVE-2014-4861CRITICALCVSS 9.8EG 9.82018-03-09
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
- CVE-2014-5002HIGHCVSS 7.8EG 7.82018-01-10
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
- CVE-2014-5433CRITICALCVSS 9.8EG 9.82019-03-26
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) …
- CVE-2014-6111HIGHCVSS 7.8EG 7.82018-04-20
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleart…
- CVE-2014-8335HIGHCVSS 7.8EG 7.82018-01-05
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by list…
- CVE-2015-1320MEDIUMCVSS 5.5EG 9.82019-04-22
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
- CVE-2015-4400MEDIUMCVSS 4.6EG 4.62018-02-06
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.
- CVE-2015-9240HIGHCVSS 7.5EG 7.52018-05-29
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
- CVE-2015-9278CRITICALCVSS 9.8EG 9.82019-01-16
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
- CVE-2016-0898CRITICALCVSS 10.0EG 10.02018-03-29
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
- CVE-2016-10526HIGHCVSS 8.6EG 8.62018-05-31
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the …
- CVE-2016-10791MEDIUMCVSS 5.3EG 5.32019-08-06
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
- CVE-2016-10821MEDIUMCVSS 6.5EG 6.52019-08-01
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
- CVE-2016-3952HIGHCVSS 7.8EG 7.82018-02-06
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to g…
- CVE-2016-6538HIGHCVSS 8.8EG 8.82018-07-06
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vul…
- CVE-2016-6546HIGHCVSS 7.8EG 7.82018-07-13
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
Map vulnerabilities like CWE-255 to your infrastructure
EchelonGraph correlates every CVE — across CWE-255 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →