Common Weakness Enumeration

CWE-257

Allowed

Storing Passwords in a Recoverable Format

Abstraction: Base · Status: Incomplete

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

115 vulnerabilities reference this CWE, most recent first.

GHSA-W8CJ-56RX-3GPM

Vulnerability from github – Published: 2026-06-12 15:30 – Updated: 2026-06-12 15:30
VLAI
Details

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-12T14:16:30Z",
    "severity": "MODERATE"
  },
  "details": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.",
  "id": "GHSA-w8cj-56rx-3gpm",
  "modified": "2026-06-12T15:30:34Z",
  "published": "2026-06-12T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1836"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WGWF-QR6F-PJ7F

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:12Z",
    "severity": "MODERATE"
  },
  "details": "The encryption mechanism used in Eaton\u0027s EasySoft project file was\u00a0insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.",
  "id": "GHSA-wgwf-qr6f-pj7f",
  "modified": "2026-03-10T18:31:19Z",
  "published": "2026-03-10T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22614"
    },
    {
      "type": "WEB",
      "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1023.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WW5W-XR5V-2967

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32
VLAI
Details

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T15:15:33Z",
    "severity": "HIGH"
  },
  "details": "Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords.",
  "id": "GHSA-ww5w-xr5v-2967",
  "modified": "2025-07-08T15:32:04Z",
  "published": "2025-07-08T15:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6996"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8WR-8GVH-9CMF

Vulnerability from github – Published: 2026-01-22 15:31 – Updated: 2026-01-22 15:31
VLAI
Details

Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T13:16:04Z",
    "severity": "HIGH"
  },
  "details": "Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows.\u00a0Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.",
  "id": "GHSA-x8wr-8gvh-9cmf",
  "modified": "2026-01-22T15:31:31Z",
  "published": "2026-01-22T15:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14295"
    },
    {
      "type": "WEB",
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XC8V-3956-JHJ7

Vulnerability from github – Published: 2024-07-20 06:30 – Updated: 2024-07-20 06:30
VLAI
Details

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-20T04:15:05Z",
    "severity": "LOW"
  },
  "details": "The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.",
  "id": "GHSA-xc8v-3956-jhj7",
  "modified": "2024-07-20T06:30:35Z",
  "published": "2024-07-20T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6694"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3120454/wp-mail-smtp/trunk/src/Providers/OptionsAbstract.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Use strong, non-reversible encryption to protect stored passwords.

CAPEC-49: Password Brute Forcing

An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.