Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-RJ8P-C8G2-PPV6

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2024-05-06 12:30
VLAI
Details

UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-27T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "UltraLog Express device management software stores user\u2019s information in cleartext. Any user can obtain accounts information through a specific page.",
  "id": "GHSA-rj8p-c8g2-ppv6",
  "modified": "2024-05-06T12:30:25Z",
  "published": "2022-05-24T22:28:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3921"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-3453-442a5-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJ94-6HCV-HVHV

Vulnerability from github – Published: 2025-06-27 03:30 – Updated: 2025-06-27 03:30
VLAI
Details

A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T02:15:24Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-rj94-6hcv-hvhv",
  "modified": "2025-06-27T03:30:41Z",
  "published": "2025-06-27T03:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6748"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314046"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314046"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.598122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RJGP-5VQ3-Q8C2

Vulnerability from github – Published: 2025-03-20 21:31 – Updated: 2025-03-24 18:30
VLAI
Details

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T21:15:23Z",
    "severity": "HIGH"
  },
  "details": "An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup=\"true\" in the ANdroidManifest.xml",
  "id": "GHSA-rjgp-5vq3-q8c2",
  "modified": "2025-03-24T18:30:59Z",
  "published": "2025-03-20T21:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16835"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46918"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25758"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/0cb0KsGS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RM2H-H7XF-GVC8

Vulnerability from github – Published: 2025-05-11 12:30 – Updated: 2025-05-11 12:30
VLAI
Details

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-11T10:15:16Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-rm2h-h7xf-gvc8",
  "modified": "2025-05-11T12:30:29Z",
  "published": "2025-05-11T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4537"
    },
    {
      "type": "WEB",
      "url": "https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.308282"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.308282"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.566469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RM4J-G65F-JFGX

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46
VLAI
Details

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-28T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.",
  "id": "GHSA-rm4j-g65f-jfgx",
  "modified": "2022-05-24T16:46:46Z",
  "published": "2022-05-24T16:46:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20008"
    },
    {
      "type": "WEB",
      "url": "https://payatu.com/ibaton-routers-responsible-disclosure"
    },
    {
      "type": "WEB",
      "url": "https://www.iball.co.in/Category/Baton/283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RMC6-5R9W-QWPM

Vulnerability from github – Published: 2024-03-06 18:30 – Updated: 2024-03-06 18:30
VLAI
Details

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.

This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-06T17:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. \n\n This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.",
  "id": "GHSA-rmc6-5r9w-qwpm",
  "modified": "2024-03-06T18:30:37Z",
  "published": "2024-03-06T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20292"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMFC-FG23-373W

Vulnerability from github – Published: 2022-12-19 18:30 – Updated: 2022-12-27 21:30
VLAI
Details

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected",
  "id": "GHSA-rmfc-fg23-373w",
  "modified": "2022-12-27T21:30:21Z",
  "published": "2022-12-19T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47512"
    },
    {
      "type": "WEB",
      "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMW4-W888-CX66

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-12 00:00
VLAI
Details

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.",
  "id": "GHSA-rmw4-w888-cx66",
  "modified": "2022-06-12T00:00:47Z",
  "published": "2022-06-03T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23236"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/NTAP-20220527-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPW4-J7HF-75Q9

Vulnerability from github – Published: 2024-04-26 18:33 – Updated: 2024-04-26 18:33
VLAI
Details

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-26T18:15:46Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-rpw4-j7hf-75q9",
  "modified": "2024-04-26T18:33:42Z",
  "published": "2024-04-26T18:33:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4235"
    },
    {
      "type": "WEB",
      "url": "https://netsecfish.notion.site/Netgear-DG834Gv5-Plain-Text-Credentials-Exposure-22e94fe066014490bebd349775d10b27?pvs=4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.262126"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.262126"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.319148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR34-2QGV-579H

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-29324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-04T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.",
  "id": "GHSA-rr34-2qgv-579h",
  "modified": "2022-05-24T19:04:00Z",
  "published": "2022-05-24T19:04:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29324"
    },
    {
      "type": "WEB",
      "url": "https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.