Show CWE-319: Cleartext Transmission of Sensitive Information - CXSecurity.com

	Topic	Date	Author
Med.	Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities	13.01.2020	m0ze
High	Across DR-810 ROM-0 - Backup File Disclosure	12.01.2019	SajjadBnz
Med.	MensaMax 4.3 Hardcoded Encryption Key Disclosure	02.10.2018	Stefan Pietsch
Med.	Trend Micro ServerProtect Disclosure / CSRF / XSS	26.05.2017	Multiple
Med.	QNAP QTS 4.2.x XSS / Command Injection / Transport Issues	18.02.2017	Harry Sintonen
Med.	Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle	20.01.2016	Core
Med.	ElasticSearch Cloud-Azure Insecure Transit	20.09.2015	Pedro Andujar

CVEMAP Search Results

CVE

Details

Description

2020-02-10

Medium

CVE-2019-20061

Vendor: Mfscripts
Software: Yetishare

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

2020-01-26

Medium

CVE-2020-7984

Vendor: Solarwinds
Software: N-central

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.

2020-01-13

Medium

CVE-2014-5380

Updating...

Grand MA 300 allows retrieval of the access PIN from sniffed data.

2019-12-25

Medium

CVE-2019-19967

Updating...

The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.

2019-12-20

Medium	CVE-2019-15911	Updating...	An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.
Low	CVE-2019-4743	Vendor: IBM Software: Financial tr...	IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880.

2019-12-18

Medium

CVE-2019-19889

Updating...

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.

2019-12-17

Medium

CVE-2019-16568

Vendor: Jenkins
Software: Sctmexecutor

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.

2019-12-12

Low

CVE-2019-18285

Vendor: Siemens
Software: Sppa-t3000 a...

A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

2019-12-06

Medium

CVE-2019-16674

Updating...

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.

Copyright 2020, cxsecurity.com