Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-VMPM-J7PR-PXXH

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-29 00:01
VLAI
Details

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.",
  "id": "GHSA-vmpm-j7pr-pxxh",
  "modified": "2022-03-29T00:01:39Z",
  "published": "2022-03-17T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23234"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220228-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPP2-J4X9-VP5C

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:19
VLAI
Details

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-22T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/\u003cwallet-name\u003e.xml to gain unauthorized access.",
  "id": "GHSA-vpp2-j4x9-vp5c",
  "modified": "2024-04-04T01:19:54Z",
  "published": "2022-05-24T16:50:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13096"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/raw/08REmV1X"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/raw/J9B8Lh0j"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQF9-X5CX-JWW3

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32
VLAI
Details

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-02T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.",
  "id": "GHSA-vqf9-x5cx-jww3",
  "modified": "2022-05-13T01:32:33Z",
  "published": "2022-05-13T01:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1877"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10735973"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRFC-3WHC-J2HQ

Vulnerability from github – Published: 2022-05-01 18:36 – Updated: 2025-04-09 03:47
VLAI
Details

Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-5778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-01T16:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.",
  "id": "GHSA-vrfc-3whc-j2hq",
  "modified": "2025-04-09T03:47:59Z",
  "published": "2022-05-01T18:36:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5778"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/43625"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/43626"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3333"
    },
    {
      "type": "WEB",
      "url": "http://www.airscanner.com/security/07101401_mobilespy.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.informit.com/articles/article.aspx?p=1077909"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482663/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRMF-9X5H-2HR7

Vulnerability from github – Published: 2023-04-24 15:30 – Updated: 2024-04-04 03:39
VLAI
Details

Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-24T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.",
  "id": "GHSA-vrmf-9x5h-2hr7",
  "modified": "2024-04-04T03:39:22Z",
  "published": "2023-04-24T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29480"
    },
    {
      "type": "WEB",
      "url": "https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRP4-MRFP-3J9C

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-11-03 21:31
VLAI
Details

A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T16:16:51Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions \u003c V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices.  An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.",
  "id": "GHSA-vrp4-mrfp-3j9c",
  "modified": "2025-11-03T21:31:05Z",
  "published": "2024-05-14T18:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31486"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Feb/19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VRQ7-Q46G-P2FQ

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-08T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application\u0027s response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.",
  "id": "GHSA-vrq7-q46g-p2fq",
  "modified": "2022-05-24T17:38:19Z",
  "published": "2022-05-24T17:38:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24577"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VRV3-8MCQ-PPF5

Vulnerability from github – Published: 2026-02-27 18:31 – Updated: 2026-03-30 21:31
VLAI
Details

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-27T16:16:26Z",
    "severity": "MODERATE"
  },
  "details": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials",
  "id": "GHSA-vrv3-8mcq-ppf5",
  "modified": "2026-03-30T21:31:02Z",
  "published": "2026-02-27T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3277"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2026-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VVP4-4HW7-Q58R

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2024-03-21 03:34
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-23T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-vvp4-4hw7-q58r",
  "modified": "2024-03-21T03:34:03Z",
  "published": "2022-05-24T17:42:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26595"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sgranel/directusv8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW62-WVM7-JFWW

Vulnerability from github – Published: 2022-05-01 02:05 – Updated: 2024-02-13 18:38
VLAI
Details

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-2160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-07-06T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.",
  "id": "GHSA-vw62-wvm7-jfww",
  "modified": "2024-02-13T18:38:20Z",
  "published": "2022-05-01T02:05:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2160"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.