EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2024-02-21 | Updated: 2024-02-22
Networker 19.9 and all prior versions contain a plain-text password stored in a temporary config file for the duration of the backup in NMDA MySQL Database backups. A user with low-privilege access to the Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2024-01-25 | Updated: 2024-02-01
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2024-02-10 | Updated: 2024-02-15
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2024-02-02 | Updated: 2024-02-07
The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-11-21 | Updated: 2023-11-30
Dell DM5500 5.14.0.0 contains a Plain-text Password Storage Vulnerability in PPOE. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-12-04 | Updated: 2023-12-07
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. 
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-10-17 | Updated: 2023-10-25
EisBaer Scada - CWE-256: Plaintext Storage of a Password
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2023-10-25 | Updated: 2023-11-01
** UNSUPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-09-18 | Updated: 2023-09-21
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate users' credentials.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-09-11 | Updated: 2023-09-15
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-07-07 | Updated: 2023-07-13
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-07-25 | Updated: 2023-08-16
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2023-10-12 | Updated: 2023-10-16
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2023-01-30 | Updated: 2023-02-07
Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2024-02-08 | Updated: 2024-02-29
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-09-15 | Updated: 2024-02-29
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-09-13 | Updated: 2023-09-15
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-07-03 | Updated: 2023-07-07
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-05-16 | Updated: 2023-05-25
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2023-05-16 | Updated: 2023-05-25
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2023-03-03 | Updated: 2023-06-21
** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
Max CVSS: 7.3 | EPSS Score: 0.04% | Published: 2023-09-20 | Updated: 2023-09-22
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-11-15 | Updated: 2023-11-01
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-11-15 | Updated: 2023-11-13
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-10-19 | Updated: 2023-11-13
228 vulnerabilities found