Common Weakness Enumeration

CWE-523

Allowed

Unprotected Transport of Credentials

Abstraction: Base · Status: Incomplete

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

40 vulnerabilities reference this CWE, most recent first.

CVE-2020-25175 (GCVE-0-2020-25175)

Vulnerability from cvelistv5 – Published: 2020-12-14 16:36 – Updated: 2024-08-04 15:26
VLAI
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Severity
No CVSS data available.
CWE
  • CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
Assigner
References
Impacted products
Vendor Product Version
n/a GE Healthcare Imaging and Ultrasound Products Affected: MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575
Affected: Definium 5000, 6000, 8000, AMX 700
Affected: Discovery XR650, XR656, XR656+
Affected: Optima XR640, XR646, XR220amx, XR200amx
Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential
Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:26:09.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GE Healthcare Imaging and Ultrasound Products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
            },
            {
              "status": "affected",
              "version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
            },
            {
              "status": "affected",
              "version": "Definium 5000, 6000, 8000, AMX 700"
            },
            {
              "status": "affected",
              "version": "Discovery XR650, XR656, XR656+"
            },
            {
              "status": "affected",
              "version": "Optima XR640, XR646, XR220amx, XR200amx"
            },
            {
              "status": "affected",
              "version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
            },
            {
              "status": "affected",
              "version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T16:36:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-25175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GE Healthcare Imaging and Ultrasound Products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
                          },
                          {
                            "version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
                          },
                          {
                            "version_value": "Definium 5000, 6000, 8000, AMX 700"
                          },
                          {
                            "version_value": "Discovery XR650, XR656, XR656+"
                          },
                          {
                            "version_value": "Optima XR640, XR646, XR220amx, XR200amx"
                          },
                          {
                            "version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
                          },
                          {
                            "version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-25175",
    "datePublished": "2020-12-14T16:36:24.000Z",
    "dateReserved": "2020-09-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:26:09.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16731 (GCVE-0-2017-16731)

Vulnerability from cvelistv5 – Published: 2017-12-20 19:00 – Updated: 2024-08-05 20:35
VLAI
Summary
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a ABB Ellipse Affected: ABB Ellipse
Date Public
2017-12-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:20.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABB Ellipse",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ABB Ellipse"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-523",
              "description": "CWE-523",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-20T19:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-16731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB Ellipse",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ABB Ellipse"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-523"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-16731",
    "datePublished": "2017-12-20T19:00:00.000Z",
    "dateReserved": "2017-11-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:35:20.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2288-8H3R-CQGG

Vulnerability from github – Published: 2026-06-19 20:47 – Updated: 2026-06-19 20:47
VLAI
Summary
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
Details

Impact

When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent WS‑SecureConversation traffic that uses keys derived from the SCT.

Preconditions

Using security mode TransportWithMessageCredential with client credential type Windows, along with session establishment (which triggers use of WS-SecureConversation).

Patches

Fixed in CoreWCF v1.9.1

Workarounds

Ensure communication is protected by SSL/TLS to prevent capturing of SCT negotiation handshake.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CoreWCF.Primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311",
      "CWE-523"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T20:47:17Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nWhen the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent WS\u2011SecureConversation traffic that uses keys derived from the SCT.\n\n#### Preconditions\nUsing security mode TransportWithMessageCredential with client credential type Windows, along with session establishment (which triggers use of WS-SecureConversation).\n\n### Patches\nFixed in CoreWCF v1.9.1\n\n### Workarounds\nEnsure communication is protected by SSL/TLS to prevent capturing of SCT negotiation handshake.",
  "id": "GHSA-2288-8h3r-cqgg",
  "modified": "2026-06-19T20:47:17Z",
  "published": "2026-06-19T20:47:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/CoreWCF/CoreWCF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality"
}

GHSA-28JG-69QR-J99G

Vulnerability from github – Published: 2024-07-17 18:31 – Updated: 2024-07-17 18:31
VLAI
Details

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.

This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-17T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\n\n This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.",
  "id": "GHSA-28jg-69qr-j99g",
  "modified": "2024-07-17T18:31:00Z",
  "published": "2024-07-17T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20395"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2C9M-W27F-53RM

Vulnerability from github – Published: 2023-03-22 12:30 – Updated: 2025-11-04 21:30
VLAI
Summary
Apache Tomcat vulnerable to Unprotected Transport of Credentials
Details

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.0-M3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-M1"
            },
            {
              "fixed": "9.0.72"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.5.0"
            },
            {
              "fixed": "8.5.86"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-22T21:22:52Z",
    "nvd_published_at": "2023-03-22T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.",
  "id": "GHSA-2c9m-w27f-53rm",
  "modified": "2025-11-04T21:30:33Z",
  "published": "2023-03-22T12:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28708"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b"
    },
    {
      "type": "WEB",
      "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230331-0012"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-10.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-11.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-8.html"
    },
    {
      "type": "WEB",
      "url": "https://tomcat.apache.org/security-9.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat vulnerable to Unprotected Transport of Credentials"
}

GHSA-2Q9W-RH4F-G84J

Vulnerability from github – Published: 2026-06-19 00:31 – Updated: 2026-06-19 00:31
VLAI
Details

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues.  Queue messages contained tenant-specific identifiers.  The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T22:16:32Z",
    "severity": "LOW"
  },
  "details": "A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. \u00a0Queue messages contained tenant-specific identifiers. \u00a0The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely.",
  "id": "GHSA-2q9w-rh4f-g84j",
  "modified": "2026-06-19T00:31:37Z",
  "published": "2026-06-19T00:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8668"
    },
    {
      "type": "WEB",
      "url": "https://docs.chef.io/release_notes/360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:H/SI:N/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:L/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-37QF-JWXF-87WG

Vulnerability from github – Published: 2025-10-30 18:31 – Updated: 2025-10-30 21:30
VLAI
Details

Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-30T17:15:39Z",
    "severity": "HIGH"
  },
  "details": "Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.",
  "id": "GHSA-37qf-jwxf-87wg",
  "modified": "2025-10-30T21:30:46Z",
  "published": "2025-10-30T18:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61121"
    },
    {
      "type": "WEB",
      "url": "https://kar1oz.notion.site/Mobile-Scanner-2659a473ecb28058a9f3e06cff61781c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7J94-8GXX-FVQG

Vulnerability from github – Published: 2025-11-15 00:30 – Updated: 2025-11-15 00:30
VLAI
Details

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-15T00:15:48Z",
    "severity": "HIGH"
  },
  "details": "Brightpick Mission Control \ndiscloses device telemetry, configuration, and credential information \nvia WebSocket traffic to unauthenticated users when they connect to a \nspecific URL. The unauthenticated URL can be discovered through basic \nnetwork scanning techniques.",
  "id": "GHSA-7j94-8gxx-fvqg",
  "modified": "2025-11-15T00:30:26Z",
  "published": "2025-11-15T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64309"
    },
    {
      "type": "WEB",
      "url": "https://brightpick.ai/contact-us"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7RFV-3PC8-CP7X

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.",
  "id": "GHSA-7rfv-3pc8-cp7x",
  "modified": "2022-05-13T01:37:21Z",
  "published": "2022-05-13T01:37:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16731"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99CX-G736-3WHP

Vulnerability from github – Published: 2025-10-14 09:31 – Updated: 2025-11-03 18:31
VLAI
Details

An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T08:15:35Z",
    "severity": "MODERATE"
  },
  "details": "An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.",
  "id": "GHSA-99cx-g736-3whp",
  "modified": "2025-11-03T18:31:46Z",
  "published": "2025-10-14T09:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41705"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2025-072"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Oct/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Operation System Configuration

Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.