Vulnerabilities of type CWE-522
555 results

CVE-2022-23538 | MEDIUM | User credentials leaked to third-party service via HTTP redirect in scs-library-client | EPSS 0.7%
CVE-2023-25413 | HIGH | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | EPSS 0.7%
CVE-2017-8446 | — | The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersona | EPSS 0.7%
CVE-2023-32268 | HIGH | Administrator equivalent Filr user can access proxy administrator credentials | EPSS 0.7%
CVE-2019-14840 | HIGH | A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials | EPSS 0.7%
CVE-2022-22998 | HIGH | Protecting AWS credentials stored in plaintext on My Cloud Home | EPSS 0.7%
CVE-2020-8339 | MEDIUM | A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interf | EPSS 0.7%
CVE-2022-43419 | MEDIUM | Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be vi | EPSS 0.7%
CVE-2024-28110 | HIGH | Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials | EPSS 0.7%
CVE-2021-3513 | — | A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wro | EPSS 0.7%
CVE-2022-41255 | MEDIUM | Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can | EPSS 0.7%
CVE-2024-7389 | HIGH | Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure | EPSS 0.7%
CVE-2021-22640 | HIGH | Ovarro TBox Insufficiently Protected Credentials | EPSS 0.7%
CVE-2020-5404 | MEDIUM | Authentication Leak On Redirect With Reactor Netty HttpClient | EPSS 0.7%
CVE-2023-6254 | HIGH | Password is send back to client | EPSS 0.7%
CVE-2022-45384 | MEDIUM | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkin | EPSS 0.6%
CVE-2023-26567 | HIGH | Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of glo | EPSS 0.6%
CVE-2021-36783 | CRITICAL | Rancher: Failure to properly sanitize credentials in cluster template answers | EPSS 0.6%
CVE-2022-48433 | MEDIUM | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | EPSS 0.6%
CVE-2022-30296 | HIGH | Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user | EPSS 0.6%