CWE-523
AllowedUnprotected Transport of Credentials
Abstraction: Base · Status: Incomplete
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
40 vulnerabilities reference this CWE, most recent first.
CVE-2020-25175 (GCVE-0-2020-25175)
Vulnerability from cvelistv5 – Published: 2020-12-14 16:36 – Updated: 2024-08-04 15:26- CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GE Healthcare Imaging and Ultrasound Products |
Affected:
MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Healthcare Imaging and Ultrasound Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"status": "affected",
"version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"status": "affected",
"version": "Definium 5000, 6000, 8000, AMX 700"
},
{
"status": "affected",
"version": "Discovery XR650, XR656, XR656+"
},
{
"status": "affected",
"version": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"status": "affected",
"version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"status": "affected",
"version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T16:36:24.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Healthcare Imaging and Ultrasound Products",
"version": {
"version_data": [
{
"version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"version_value": "Definium 5000, 6000, 8000, AMX 700"
},
{
"version_value": "Discovery XR650, XR656, XR656+"
},
{
"version_value": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25175",
"datePublished": "2020-12-14T16:36:24.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:09.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16731 (GCVE-0-2017-16731)
Vulnerability from cvelistv5 – Published: 2017-12-20 19:00 – Updated: 2024-08-05 20:35| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ABB Ellipse |
Affected:
ABB Ellipse
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB Ellipse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ABB Ellipse"
}
]
}
],
"datePublic": "2017-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-20T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-16731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB Ellipse",
"version": {
"version_data": [
{
"version_value": "ABB Ellipse"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16731",
"datePublished": "2017-12-20T19:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:35:20.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2288-8H3R-CQGG
Vulnerability from github – Published: 2026-06-19 20:47 – Updated: 2026-06-19 20:47Impact
When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent WS‑SecureConversation traffic that uses keys derived from the SCT.
Preconditions
Using security mode TransportWithMessageCredential with client credential type Windows, along with session establishment (which triggers use of WS-SecureConversation).
Patches
Fixed in CoreWCF v1.9.1
Workarounds
Ensure communication is protected by SSL/TLS to prevent capturing of SCT negotiation handshake.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54784"
],
"database_specific": {
"cwe_ids": [
"CWE-311",
"CWE-523"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:47:17Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nWhen the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent WS\u2011SecureConversation traffic that uses keys derived from the SCT.\n\n#### Preconditions\nUsing security mode TransportWithMessageCredential with client credential type Windows, along with session establishment (which triggers use of WS-SecureConversation).\n\n### Patches\nFixed in CoreWCF v1.9.1\n\n### Workarounds\nEnsure communication is protected by SSL/TLS to prevent capturing of SCT negotiation handshake.",
"id": "GHSA-2288-8h3r-cqgg",
"modified": "2026-06-19T20:47:17Z",
"published": "2026-06-19T20:47:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg"
},
{
"type": "PACKAGE",
"url": "https://github.com/CoreWCF/CoreWCF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality"
}
GHSA-28JG-69QR-J99G
Vulnerability from github – Published: 2024-07-17 18:31 – Updated: 2024-07-17 18:31A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.
This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
{
"affected": [],
"aliases": [
"CVE-2024-20395"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-17T17:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\n\n This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.",
"id": "GHSA-28jg-69qr-j99g",
"modified": "2024-07-17T18:31:00Z",
"published": "2024-07-17T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20395"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2C9M-W27F-53RM
Vulnerability from github – Published: 2023-03-22 12:30 – Updated: 2025-11-04 21:30When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.0-M3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-M1"
},
{
"fixed": "9.0.72"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.86"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28708"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-22T21:22:52Z",
"nvd_published_at": "2023-03-22T11:15:00Z",
"severity": "MODERATE"
},
"details": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.",
"id": "GHSA-2c9m-w27f-53rm",
"modified": "2025-11-04T21:30:33Z",
"published": "2023-03-22T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b"
},
{
"type": "WEB",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230331-0012"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat vulnerable to Unprotected Transport of Credentials"
}
GHSA-2Q9W-RH4F-G84J
Vulnerability from github – Published: 2026-06-19 00:31 – Updated: 2026-06-19 00:31A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.
{
"affected": [],
"aliases": [
"CVE-2026-8668"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-18T22:16:32Z",
"severity": "LOW"
},
"details": "A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. \u00a0Queue messages contained tenant-specific identifiers. \u00a0The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.",
"id": "GHSA-2q9w-rh4f-g84j",
"modified": "2026-06-19T00:31:37Z",
"published": "2026-06-19T00:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8668"
},
{
"type": "WEB",
"url": "https://docs.chef.io/release_notes/360"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:H/SI:N/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:L/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-37QF-JWXF-87WG
Vulnerability from github – Published: 2025-10-30 18:31 – Updated: 2025-10-30 21:30Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.
{
"affected": [],
"aliases": [
"CVE-2025-61121"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-30T17:15:39Z",
"severity": "HIGH"
},
"details": "Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.",
"id": "GHSA-37qf-jwxf-87wg",
"modified": "2025-10-30T21:30:46Z",
"published": "2025-10-30T18:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61121"
},
{
"type": "WEB",
"url": "https://kar1oz.notion.site/Mobile-Scanner-2659a473ecb28058a9f3e06cff61781c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7J94-8GXX-FVQG
Vulnerability from github – Published: 2025-11-15 00:30 – Updated: 2025-11-15 00:30Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
{
"affected": [],
"aliases": [
"CVE-2025-64309"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-15T00:15:48Z",
"severity": "HIGH"
},
"details": "Brightpick Mission Control \ndiscloses device telemetry, configuration, and credential information \nvia WebSocket traffic to unauthenticated users when they connect to a \nspecific URL. The unauthenticated URL can be discovered through basic \nnetwork scanning techniques.",
"id": "GHSA-7j94-8gxx-fvqg",
"modified": "2025-11-15T00:30:26Z",
"published": "2025-11-15T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64309"
},
{
"type": "WEB",
"url": "https://brightpick.ai/contact-us"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7RFV-3PC8-CP7X
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
{
"affected": [],
"aliases": [
"CVE-2017-16731"
],
"database_specific": {
"cwe_ids": [
"CWE-522",
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T19:29:00Z",
"severity": "HIGH"
},
"details": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.",
"id": "GHSA-7rfv-3pc8-cp7x",
"modified": "2022-05-13T01:37:21Z",
"published": "2022-05-13T01:37:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16731"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-99CX-G736-3WHP
Vulnerability from github – Published: 2025-10-14 09:31 – Updated: 2025-11-03 18:31An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.
{
"affected": [],
"aliases": [
"CVE-2025-41705"
],
"database_specific": {
"cwe_ids": [
"CWE-523"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T08:15:35Z",
"severity": "MODERATE"
},
"details": "An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.",
"id": "GHSA-99cx-g736-3whp",
"modified": "2025-11-03T18:31:46Z",
"published": "2025-10-14T09:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41705"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-072"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Oct/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.