Common Weakness Enumeration

CWE-256

Allowed

Plaintext Storage of a Password

Abstraction: Base · Status: Incomplete

The product stores a password in plaintext within resources such as memory or files.

397 vulnerabilities reference this CWE, most recent first.

GHSA-QJ7P-9HGF-X8J7

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2023-01-05 21:44
VLAI
Summary
Passwords stored in plain text by Harvest SCM Plugin
Details

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:harvest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-05T21:44:47Z",
    "nvd_published_at": "2020-02-12T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",
  "id": "GHSA-qj7p-9hgf-x8j7",
  "modified": "2023-01-05T21:44:47Z",
  "published": "2022-05-24T17:08:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2131"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/harvest-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Passwords stored in plain text by Harvest SCM Plugin"
}

GHSA-QRQQ-GGQX-45C7

Vulnerability from github – Published: 2025-07-03 12:34 – Updated: 2025-07-03 12:34
VLAI
Details

Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-03T12:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).",
  "id": "GHSA-qrqq-ggqx-45c7",
  "modified": "2025-07-03T12:34:57Z",
  "published": "2025-07-03T12:34:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1709"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.endress.com"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV37-MFJF-42H8

Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2022-10-31 16:00
VLAI
Summary
Plaintext storage of tokens in pulp_ansible
Details

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pulp-ansible"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-25T22:28:13Z",
    "nvd_published_at": "2022-10-25T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp\u0027s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. ",
  "id": "GHSA-qv37-mfjf-42h8",
  "modified": "2022-10-31T16:00:21Z",
  "published": "2022-10-25T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3644"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pulp/pulp_ansible/issues/1221"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pulp/pulp_ansible/commit/d13c427b09482a7f598d8ee597d17a8a34888665"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pulp/pulp_ansible"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Plaintext storage of tokens in pulp_ansible"
}

GHSA-QXC8-HG93-PQH7

Vulnerability from github – Published: 2025-01-09 09:31 – Updated: 2025-01-09 15:31
VLAI
Details

After gaining access to the firmware of a charging station, a file at can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.

This issue affects Iocharger firmware for AC models before firmware version 25010801.

The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.

Likelihood: Moderate – The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using .sh) to gain access to the .json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.

Impact: Critical – All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page.

CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the "super user" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T08:15:29Z",
    "severity": "HIGH"
  },
  "details": "After gaining access to the firmware of a charging station, a file at \u003credacted\u003e can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers.\n\nThis issue affects Iocharger firmware for AC models before firmware version 25010801. \n\nThe issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models.\n\nLikelihood: Moderate \u2013 The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using \u003credacted\u003e.sh) to gain access to the \u003credacted\u003e.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels.\n\nImpact: Critical \u2013 All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System \u2192 Custom page.\n\nCVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the \"super user\" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y).",
  "id": "GHSA-qxc8-hg93-pqh7",
  "modified": "2025-01-09T15:31:51Z",
  "published": "2025-01-09T09:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43659"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/CVE-2024-43659"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2024-00035"
    },
    {
      "type": "WEB",
      "url": "https://iocharger.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QXX3-FWC4-2MV7

Vulnerability from github – Published: 2024-07-31 15:31 – Updated: 2024-09-30 15:30
VLAI
Details

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-31T14:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A \u201cCWE-256: Plaintext Storage of a Password\u201d affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext.",
  "id": "GHSA-qxx3-fwc4-2mv7",
  "modified": "2024-09-30T15:30:43Z",
  "published": "2024-07-31T15:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3082"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R32R-F6WR-CC3W

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-12-29 00:33
VLAI
Summary
Password stored in plain text by Jenkins TestComplete support Plugin
Details

Jenkins TestComplete support Plugin prior to version 2.5.2 stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Version 2.5.2 contains a patch for this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:TestComplete"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-29T00:33:25Z",
    "nvd_published_at": "2020-07-02T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins TestComplete support Plugin prior to version 2.5.2 stores a password unencrypted in job `config.xml` files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Version 2.5.2 contains a patch for this issue.",
  "id": "GHSA-r32r-f6wr-cc3w",
  "modified": "2022-12-29T00:33:25Z",
  "published": "2022-05-24T17:22:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/testcomplete-plugin/commit/00988873c6ea7e8d081380e4262538960efd6bf1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/testcomplete-plugin/commit/91dae11421b70a334d2058286e30402cf2f86d4b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/testcomplete-plugin/commit/ca783d3b6be28b13f82865afa6a8888795d57d10"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/testcomplete-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Password stored in plain text by Jenkins TestComplete support Plugin"
}

GHSA-R3CW-C95M-WFH9

Vulnerability from github – Published: 2026-06-22 20:59 – Updated: 2026-06-22 20:59
VLAI
Summary
motionEye: Authentication possible via password hash
Details

Summary

An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate arbitrary users without knowledge of the plaintext password. This issue stems from the absence of server-side validation of authentication state and reliance on attacker-controlled cookie data

Details

The vulnerability arises because the application accepts the client-supplied cookies named meye_password_hash and meye_username as sufficient authentication material. The server does not validate these values against a server-side session or enforce proper authentication checks before establishing an authenticated state. As a result, an unauthenticated attacker can set or modify these cookies to impersonate another user if the target username and corresponding hash are known.

These cookies normally appear after using the "switch user" functionality; however, they can be added manually prior to authentication using standard browser tools (e.g., developer tools or cookie editors) or dynamically loaded by submitting blank credentials. When supplied, the server accepts them and authenticates the attacker as the specified user bypassing the intended authentication flow

Additionally, the password-hash value and username for the admin account used by the application is stored in /etc/motioneye/motion.conf which is globally readable by default on the local system. This means any local user with shell access can obtain a valid hash and values and use them to impersonate the admin via the cookie manipulation described above. While local access is required to retrieve the hash, this significantly lowers the barrier to exploitation in multi-user environments.

PoC

Starting state unauthenticated with no cookies: start state

After manually adding or submitting blank credentials to get the cookies loaded: empty cookies

Adding the credentials and refreshing the page gives us a valid session: admin login with hash

version information and session interaction validation verison

Impact

Authentication bypass

Who is impacted?

Any MotionEye deployment where attackers have access to a username and hash, and/or the /etc/motioneye/motion.conf file with the admin username and hash.

Potential consequences:

  • Account lockouts
  • Attacker persistence by changing the password
  • Enumeration of data
  • Destruction of data
  • Exfiltration of data
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "motioneye"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.44.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-287",
      "CWE-328",
      "CWE-836"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T20:59:31Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\nAn authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate arbitrary users without knowledge of the plaintext password. This issue stems from the absence of server-side validation of authentication state and reliance on attacker-controlled cookie data\n\n### Details\nThe vulnerability arises because the application accepts the client-supplied cookies named `meye_password_hash` and `meye_username` as sufficient authentication material. The server does not validate these values against a server-side session or enforce proper authentication checks before establishing an authenticated state. As a result, an unauthenticated attacker can set or modify these cookies to impersonate another user if the target username and corresponding hash are known.\n\nThese cookies normally appear after using the \"switch user\" functionality; however, they can be added manually prior to authentication using standard browser tools (e.g., developer tools or cookie editors) or dynamically loaded by submitting blank credentials. When supplied, the server accepts them and authenticates the attacker as the specified user bypassing the intended authentication flow\n\nAdditionally, the password-hash value and username for the admin account used by the application is stored in `/etc/motioneye/motion.conf` which is globally readable by default on the local system. This means any local user with shell access can obtain a valid hash and values and use them to impersonate the admin via the cookie manipulation described above. While local access is required to retrieve the hash, this significantly lowers the barrier to exploitation in multi-user environments. \n\n### PoC\nStarting state unauthenticated with no cookies:\n\u003cimg width=\"644\" height=\"475\" alt=\"start state\" src=\"https://github.com/user-attachments/assets/cf4aff78-65f7-4f67-99e2-9134c8f04277\" /\u003e\n\nAfter manually adding or submitting blank credentials to get the cookies loaded:\n\u003cimg width=\"643\" height=\"470\" alt=\"empty cookies\" src=\"https://github.com/user-attachments/assets/223878eb-f085-4ac5-a92a-2ac21831c594\" /\u003e\n\n\nAdding the credentials and refreshing the page gives us a valid session:\n\u003cimg width=\"641\" height=\"466\" alt=\"admin login with hash\" src=\"https://github.com/user-attachments/assets/94b350ef-dd32-4cae-8bd8-e48841873f79\" /\u003e\n\n\nversion information and session interaction validation\n\u003cimg width=\"643\" height=\"468\" alt=\"verison\" src=\"https://github.com/user-attachments/assets/94290ad6-4e82-4026-8e27-5374e2f3a631\" /\u003e\n\n\n### Impact\nAuthentication bypass\n\n### Who is impacted?\n\nAny MotionEye deployment where attackers have access to a username and hash, and/or the `/etc/motioneye/motion.conf` file with the admin username and hash.\n\nPotential consequences:\n\n- Account lockouts \n- Attacker persistence by changing the password\n- Enumeration of data\n- Destruction of data\n- Exfiltration of data",
  "id": "GHSA-r3cw-c95m-wfh9",
  "modified": "2026-06-22T20:59:31Z",
  "published": "2026-06-22T20:59:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/motioneye-project/motioneye/security/advisories/GHSA-r3cw-c95m-wfh9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/motioneye-project/motioneye"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "motionEye: Authentication possible via password hash"
}

GHSA-R628-467J-RHWP

Vulnerability from github – Published: 2025-03-14 15:32 – Updated: 2025-03-14 15:32
VLAI
Details

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-14T15:15:42Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.",
  "id": "GHSA-r628-467j-rhwp",
  "modified": "2025-03-14T15:32:04Z",
  "published": "2025-03-14T15:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45638"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7185938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF42-GQMW-5VH9

Vulnerability from github – Published: 2024-07-14 15:30 – Updated: 2024-07-14 15:30
VLAI
Details

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-14T13:15:21Z",
    "severity": "MODERATE"
  },
  "details": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user.  IBM X-Force ID:  295972.",
  "id": "GHSA-rf42-gqmw-5vh9",
  "modified": "2024-07-14T15:30:57Z",
  "published": "2024-07-14T15:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39733"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295972"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7160185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHXJ-V9FC-VPM2

Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-11 00:30
VLAI
Details

An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain sensitive information via SPI flash Firmware W25Q64JV

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T16:15:20Z",
    "severity": "HIGH"
  },
  "details": "An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain sensitive information via SPI flash Firmware W25Q64JV",
  "id": "GHSA-rhxj-v9fc-vpm2",
  "modified": "2024-09-11T00:30:51Z",
  "published": "2024-09-10T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44815"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815-"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Avoid storing passwords in easily accessible locations.

Mitigation
Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

Mitigation

A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.

No CAPEC attack patterns related to this CWE.