Loading...
Loading...
151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of…
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller fil…
HCL Launch stores user credentials in plain clear text which can be read by a local user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored …
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for…
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. Th…
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller f…
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller…
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or acc…
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credent…
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it.
A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to …
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear…
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored …
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file …
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be vi…
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file sy…
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may all…
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller …
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated wi…
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701.
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.
The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web applicati…
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
EisBaer Scada - CWE-256: Plaintext Storage of a Password
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file …
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configurat…
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The att…
EchelonGraph correlates every CVE — across CWE-256 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →