Common Weakness Enumeration

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CVE-2026-41506 (GCVE-0-2026-41506)

Vulnerability from cvelistv5 – Published: 2026-05-08 13:43 – Updated: 2026-05-11 18:50
VLAI
Title
go-git Credential leak via cross-host redirect in smart HTTP transport
Summary
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
Impacted products
Vendor Product Version
go-git go-git Affected: < 5.18.0
Affected: < 6.0.0-alpha.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T18:50:31.355827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T18:50:50.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-git",
          "vendor": "go-git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.18.0"
            },
            {
              "status": "affected",
              "version": "\u003c 6.0.0-alpha.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-08T13:43:19.911Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963"
        },
        {
          "name": "https://github.com/go-git/go-git/releases/tag/v5.18.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-git/go-git/releases/tag/v5.18.0"
        },
        {
          "name": "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2"
        }
      ],
      "source": {
        "advisory": "GHSA-3xc5-wrhm-f963",
        "discovery": "UNKNOWN"
      },
      "title": "go-git Credential leak via cross-host redirect in smart HTTP transport"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-41506",
    "datePublished": "2026-05-08T13:43:19.911Z",
    "dateReserved": "2026-04-20T18:18:50.681Z",
    "dateUpdated": "2026-05-11T18:50:50.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41715 (GCVE-0-2026-41715)

Vulnerability from cvelistv5 – Published: 2026-06-09 03:48 – Updated: 2026-06-23 20:46
VLAI
Title
Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect
Summary
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
Spring Reactor Netty Affected: 1.0.0 , < 1.0.52 (custom)
Affected: 1.1.0 , < 1.1.36 (custom)
Affected: 1.2.0 , < 1.2.17.1 (custom)
Affected: 1.3.0 , < 1.3.15.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41715",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T13:43:15.959618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T13:43:25.100Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Reactor Netty",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "1.0.52",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.1.36",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.2.17.1",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.3.15.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."
            }
          ],
          "value": "In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "The Reactor Netty HTTP client may expose credentials when following a redirect from a secure (HTTPS) to an insecure (HTTP) endpoint, leading to information disclosure."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T20:46:09.111Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-41715"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-41715",
    "datePublished": "2026-06-09T03:48:41.439Z",
    "dateReserved": "2026-04-22T06:21:37.020Z",
    "dateUpdated": "2026-06-23T20:46:09.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42295 (GCVE-0-2026-42295)

Vulnerability from cvelistv5 – Published: 2026-05-09 03:48 – Updated: 2026-05-11 14:47
VLAI
Title
Argo Workflows: Exposure of artifact repository credentials
Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42295",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T14:46:35.547968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T14:47:01.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-workflows",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T03:48:02.754Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
        },
        {
          "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
        }
      ],
      "source": {
        "advisory": "GHSA-7vf8-2cr6-54mf",
        "discovery": "UNKNOWN"
      },
      "title": "Argo Workflows: Exposure of artifact repository credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42295",
    "datePublished": "2026-05-09T03:48:02.754Z",
    "dateReserved": "2026-04-26T12:13:55.552Z",
    "dateUpdated": "2026-05-11T14:47:01.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42367 (GCVE-0-2026-42367)

Vulnerability from cvelistv5 – Published: 2026-05-04 00:43 – Updated: 2026-06-15 19:19
VLAI
Title
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via leak of Administrator credentials
Summary
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-522 - - Insufficiently Protected Credentials
Assigner
GV
Impacted products
Vendor Product Version
GeoVision Inc. GV-LPC2011/LPC2211 Affected: V1.10
Unaffected: V1.20
Create a notification for this product.
Date Public
2026-04-27 00:59
Credits
Philippe Laulheret of Cisco Talos. Kelly Patterson of Cisco Talos. Martin Zeiser of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-05T03:56:18.349768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-05T12:44:07.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-15T19:19:04.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "GV-LPC2011/LPC2211",
          "vendor": "GeoVision Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V1.10"
            },
            {
              "status": "unaffected",
              "version": "V1.20"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:geovision_inc.:gv-lpc2011_lpc2211:v1.10:*:linux:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:geovision_inc.:gv-lpc2011_lpc2211:v1.20:*:linux:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Philippe Laulheret of Cisco Talos."
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Kelly Patterson of Cisco Talos."
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Martin Zeiser of Cisco Talos."
        }
      ],
      "datePublic": "2026-04-27T00:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability."
            }
          ],
          "value": "A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 - Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T00:43:37.647Z",
        "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "shortName": "GV"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.geovision.com.tw/cyber_security.php"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "GeoVision GV-LPC2011/LPC2211 V1.12-260330 has patched the reported vulnerability.\u0026nbsp;\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe user may visit the GeoVision website or contact the GeoVision Support team for firmware update.\u0026nbsp;\u0026nbsp;\u003c/div\u003e"
            }
          ],
          "value": "GeoVision GV-LPC2011/LPC2211 V1.12-260330 has patched the reported vulnerability.\u00a0\n\n\n\nThe user may visit the GeoVision website or contact the GeoVision Support team for firmware update."
        }
      ],
      "source": {
        "advisory": "TALOS-2026-2328",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-17T01:11:00.000Z",
          "value": "Initial Vendor Contact"
        }
      ],
      "title": "GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via leak of Administrator credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
    "assignerShortName": "GV",
    "cveId": "CVE-2026-42367",
    "datePublished": "2026-05-04T00:43:37.647Z",
    "dateReserved": "2026-04-26T23:39:08.350Z",
    "dateUpdated": "2026-06-15T19:19:04.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42869 (GCVE-0-2026-42869)

Vulnerability from cvelistv5 – Published: 2026-05-11 18:39 – Updated: 2026-05-12 13:27
VLAI
Title
SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
Summary
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set — including the default Docker Compose setup — signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-522 - Insufficiently Protected Credentials
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
socfortress CoPilot Affected: < 0.1.57
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42869",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T13:27:13.898141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T13:27:25.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CoPilot",
          "vendor": "socfortress",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.57"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set \u2014 including the default Docker Compose setup \u2014 signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:39:28.664Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/socfortress/CoPilot/security/advisories/GHSA-4gxj-hw3c-3x2x"
        },
        {
          "name": "https://github.com/socfortress/CoPilot/pull/814",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socfortress/CoPilot/pull/814"
        },
        {
          "name": "https://github.com/socfortress/CoPilot/commit/4640511a0cf2e7b144a71375b5b349a8318cb186",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socfortress/CoPilot/commit/4640511a0cf2e7b144a71375b5b349a8318cb186"
        }
      ],
      "source": {
        "advisory": "GHSA-4gxj-hw3c-3x2x",
        "discovery": "UNKNOWN"
      },
      "title": "SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42869",
    "datePublished": "2026-05-11T18:39:28.664Z",
    "dateReserved": "2026-04-30T18:49:06.710Z",
    "dateUpdated": "2026-05-12T13:27:25.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42951 (GCVE-0-2026-42951)

Vulnerability from cvelistv5 – Published: 2026-05-29 17:32 – Updated: 2026-05-29 19:43
VLAI
Title
MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
Summary
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2026-05-28 17:22
Credits
Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42951",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:42:42.913020Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:43:09.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MacGregor Voyage Data Recorder (VDR) G4e",
          "vendor": "Danelec",
          "versions": [
            {
              "lessThan": "5.250",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2026-05-28T17:22:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eAn authenticated\u003c/span\u003e\n\u003cspan\u003euser can download a backup of the\u0026nbsp;\u003c/span\u003e\u003cspan\u003eDanelec MacGregor Voyage Data Recorder\u003c/span\u003e\n\n\n\u003cspan\u003edevice which includes account data and password hashes.\u003c/span\u003e"
            }
          ],
          "value": "An authenticated\nuser can download a backup of the\u00a0Danelec MacGregor Voyage Data Recorder\n\n\ndevice which includes account data and password hashes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-29T17:32:11.492Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.danelec.com/contact"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eDanelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.danelec.com/contact\"\u003ehttps://www.danelec.com/contact\u003c/a\u003e"
            }
          ],
          "value": "Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u00a0 https://www.danelec.com/contact"
        }
      ],
      "source": {
        "advisory": "ICSA-26-148-01",
        "discovery": "EXTERNAL"
      },
      "title": "MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-42951",
    "datePublished": "2026-05-29T17:32:11.492Z",
    "dateReserved": "2026-05-07T16:55:26.102Z",
    "dateUpdated": "2026-05-29T19:43:09.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4387 (GCVE-0-2026-4387)

Vulnerability from cvelistv5 – Published: 2026-05-29 18:28 – Updated: 2026-06-01 16:26
VLAI
Title
Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file
Summary
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\<username>\.sdm\state.kv. The file is protected only by default user-level NTFS permissions. Exploitation requires local read access to the affected user's profile directory and additional deployment and execution conditions on the target host. The condition was reported through coordinated disclosure by Hope Walker (SpecterOps).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
  • CWE-522 - Insufficiently Protected Credentials
Assigner
Impacted products
Credits
Hope Walker, SpecterOps
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T19:49:18.108657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T19:49:33.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "StrongDM Desktop Application",
          "vendor": "StrongDM",
          "versions": [
            {
              "lessThan": "23.74.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "StrongDM Desktop Client",
          "vendor": "StrongDM",
          "versions": [
            {
              "lessThan": "53.77.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hope Walker, SpecterOps"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eStrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at \u003ccode\u003eC:\\Users\\\u0026lt;username\u0026gt;\\.sdm\\state.kv\u003c/code\u003e. The file is protected only by default user-level NTFS permissions.\u003c/p\u003e\u003cp\u003eExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\u003c/p\u003e\u003cp\u003eThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps).\u003c/p\u003e"
            }
          ],
          "value": "StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\\Users\\\u003cusername\u003e\\.sdm\\state.kv. The file is protected only by default user-level NTFS permissions.\n\n\n\nExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\n\n\n\nThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps)."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker with local read access to the affected user\u0027s profile directory may obtain authentication state stored in the state.kv file. Under specific deployment and execution conditions, the recovered material could be used to authenticate against StrongDM-brokered resources as the affected user."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T16:26:35.443Z",
        "orgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
        "shortName": "StrongDM"
      },
      "references": [
        {
          "name": "StrongDM Security Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2ed"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://specterops.io/blog/2026/06/01/cve-2026-4387-strongdm-state-file-reuse/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows).\u003c/p\u003e"
            }
          ],
          "value": "Upgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-19T00:00:00.000Z",
          "value": "Initial coordinated disclosure submission received from SpecterOps."
        },
        {
          "lang": "en",
          "time": "2025-12-12T00:00:00.000Z",
          "value": "Vendor reproduction testing performed on StrongDM Desktop Application 23.51.0."
        },
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Fix released in StrongDM Desktop Application 23.74.0 / Desktop Client 53.77.0."
        },
        {
          "lang": "en",
          "time": "2026-04-01T13:20:00.000Z",
          "value": "Patch validation completed; condition not reproducible on the fixed release."
        },
        {
          "lang": "en",
          "time": "2026-05-30T00:00:00.000Z",
          "value": "Public disclosure and CVE publication."
        }
      ],
      "title": "Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
    "assignerShortName": "StrongDM",
    "cveId": "CVE-2026-4387",
    "datePublished": "2026-05-29T18:28:00.572Z",
    "dateReserved": "2026-03-18T13:52:47.802Z",
    "dateUpdated": "2026-06-01T16:26:35.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-43992 (GCVE-0-2026-43992)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:25 – Updated: 2026-05-13 14:38
VLAI
Title
JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
Summary
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-312 - Cleartext Storage of Sensitive Information
  • CWE-522 - Insufficiently Protected Credentials
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
Impacted products
Vendor Product Version
Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-43992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:34:03.835477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:38:16.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "junoclaw",
          "vendor": "Dragonmonk111",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c v0.x.y-security-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted \u0027mnemonic: string\u0027 as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312: Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T16:25:30.868Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48"
        },
        {
          "name": "https://github.com/Dragonmonk111/junoclaw/commit/339701e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Dragonmonk111/junoclaw/commit/339701e"
        },
        {
          "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
        }
      ],
      "source": {
        "advisory": "GHSA-j75q-8xvm-6c48",
        "discovery": "UNKNOWN"
      },
      "title": "JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-43992",
    "datePublished": "2026-05-12T16:25:30.868Z",
    "dateReserved": "2026-05-04T20:24:31.917Z",
    "dateUpdated": "2026-05-13T14:38:16.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44622 (GCVE-0-2026-44622)

Vulnerability from cvelistv5 – Published: 2026-06-25 20:53 – Updated: 2026-06-26 13:04
VLAI
Title
EVoke Systems EVoke CSMS Insufficiently Protected Credentials
Summary
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
EVoke EVoke CSMS Affected: All versions (custom)
Create a notification for this product.
Date Public
2026-06-26 04:18
Credits
Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T13:04:34.334047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-522",
                "description": "CWE-522 Insufficiently Protected Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T13:04:38.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EVoke CSMS",
          "vendor": "EVoke",
          "versions": [
            {
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khaled Sarieddine and Mohammad Ali Sayed reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2026-06-26T04:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Charging station authentication identifiers are publicly accessible via web-based mapping platforms."
            }
          ],
          "value": "Charging station authentication identifiers are publicly accessible via web-based mapping platforms."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T20:53:17.163Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://evokesystems.com/contact-us/"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states that as a hardware-agnostic platform supporting multiple charger Original Equipment Manufacturers OEMs, EVoke must interoperate with EVSE devices that support different OCPP security profiles depending on the firmware capabilities of the charger. EVoke CSMS currently supports all OCPP security profiles (0\u20133). However, the effective security configuration for a charger connection is determined by the security profile implemented in the EVSE firmware. Some legacy chargers deployed in the network support only Security Profile 0 or 1. These chargers were installed prior to the broader industry adoption of stronger authentication mechanisms defined in OCPP Security Profiles 2 and 3. EVoke is actively working with charger OEM partners to migrate supported devices to Security Profile 2 (TLS encryption with basic authentication) or Security Profile 3 (Mutual TLS authentication using client certificates). For OEMs that continue to support firmware updates, EVoke will prioritize upgrades to enable Security Profiles 2 or 3."
            }
          ],
          "value": "EVoke states that as a hardware-agnostic platform supporting multiple charger Original Equipment Manufacturers OEMs, EVoke must interoperate with EVSE devices that support different OCPP security profiles depending on the firmware capabilities of the charger. EVoke CSMS currently supports all OCPP security profiles (0\u20133). However, the effective security configuration for a charger connection is determined by the security profile implemented in the EVSE firmware. Some legacy chargers deployed in the network support only Security Profile 0 or 1. These chargers were installed prior to the broader industry adoption of stronger authentication mechanisms defined in OCPP Security Profiles 2 and 3. EVoke is actively working with charger OEM partners to migrate supported devices to Security Profile 2 (TLS encryption with basic authentication) or Security Profile 3 (Mutual TLS authentication using client certificates). For OEMs that continue to support firmware updates, EVoke will prioritize upgrades to enable Security Profiles 2 or 3."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states that certain legacy charger models deployed on the network are no longer supported by the manufacturer (for example, chargers originally produced by EVBox). These devices cannot be upgraded to support stronger security profiles. For chargers limited to Security Profiles 0 or 1, EVoke is implementing additional server-side protections to mitigate spoofing risks. Allow-listed chargers will only be accepted from chargers whose IDs are registered in the EVoke CSMS inventory database. Unknown charger identifiers will be rejected."
            }
          ],
          "value": "EVoke states that certain legacy charger models deployed on the network are no longer supported by the manufacturer (for example, chargers originally produced by EVBox). These devices cannot be upgraded to support stronger security profiles. For chargers limited to Security Profiles 0 or 1, EVoke is implementing additional server-side protections to mitigate spoofing risks. Allow-listed chargers will only be accepted from chargers whose IDs are registered in the EVoke CSMS inventory database. Unknown charger identifiers will be rejected."
        }
      ],
      "source": {
        "advisory": "ICSA-26-176-02",
        "discovery": "EXTERNAL"
      },
      "title": "EVoke Systems EVoke CSMS Insufficiently Protected Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states that to reduce the risk of duplicate sessions, only a single active connection per charger ID will be permitted. If a second connection using the same charger ID is detected, the new connection will be rejected or the previous session will be terminated. This prevents unauthorized actors from establishing parallel sessions using spoofed charger identifiers."
            }
          ],
          "value": "EVoke states that to reduce the risk of duplicate sessions, only a single active connection per charger ID will be permitted. If a second connection using the same charger ID is detected, the new connection will be rejected or the previous session will be terminated. This prevents unauthorized actors from establishing parallel sessions using spoofed charger identifiers."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states that the platform will monitor session anomalies including repeated connection attempts, unexpected IP address changes, and abnormal message patterns. Security events will be logged and flagged for operational review."
            }
          ],
          "value": "EVoke states that the platform will monitor session anomalies including repeated connection attempts, unexpected IP address changes, and abnormal message patterns. Security events will be logged and flagged for operational review."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states that to address the risk of denial-of-service via repeated authentication attempts, EVoke will implement connection rate limiting at the WebSocket gateway layer. These controls will restrict excessive connection attempts from the same source and temporarily block abusive traffic patterns."
            }
          ],
          "value": "EVoke states that to address the risk of denial-of-service via repeated authentication attempts, EVoke will implement connection rate limiting at the WebSocket gateway layer. These controls will restrict excessive connection attempts from the same source and temporarily block abusive traffic patterns."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVoke states they are developing a lifecycle policy for legacy chargers that cannot support modern OCPP security profiles. This policy will include identification of unsupported EVSE models and risk classification Migration planning with site operators where possible"
            }
          ],
          "value": "EVoke states they are developing a lifecycle policy for legacy chargers that cannot support modern OCPP security profiles. This policy will include identification of unsupported EVSE models and risk classification Migration planning with site operators where possible"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-44622",
    "datePublished": "2026-06-25T20:53:17.163Z",
    "dateReserved": "2026-06-18T19:23:06.063Z",
    "dateUpdated": "2026-06-26T13:04:38.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45091 (GCVE-0-2026-45091)

Vulnerability from cvelistv5 – Published: 2026-05-12 13:20 – Updated: 2026-05-12 14:39
VLAI
Title
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
Summary
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token (CI build logs, container env dumps, kubectl describe pod, Sentry/Rollbar stack traces, log aggregators) could decode the payload and extract the TOTP secret in plaintext. This vulnerability is fixed in 0.1.0-alpha.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
davidalmeidac sealed-env Affected: < 0.1.0-alpha.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T14:38:56.109361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T14:39:10.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sealed-env",
          "vendor": "davidalmeidac",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.0-alpha.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator\u0027s literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token (CI build logs, container env dumps, kubectl describe pod, Sentry/Rollbar stack traces, log aggregators) could decode the payload and extract the TOTP secret in plaintext. This vulnerability is fixed in 0.1.0-alpha.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T13:20:21.560Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/davidalmeidac/sealed-env/security/advisories/GHSA-x3r2-fj3r-g5mv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/davidalmeidac/sealed-env/security/advisories/GHSA-x3r2-fj3r-g5mv"
        }
      ],
      "source": {
        "advisory": "GHSA-x3r2-fj3r-g5mv",
        "discovery": "UNKNOWN"
      },
      "title": "sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45091",
    "datePublished": "2026-05-12T13:20:21.560Z",
    "dateReserved": "2026-05-08T19:27:26.698Z",
    "dateUpdated": "2026-05-12T14:39:10.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phase: Architecture and Design

Description:

  • Use an appropriate security mechanism to protect the credentials.
Mitigation

Phase: Architecture and Design

Description:

  • Make appropriate use of cryptography to protect the credentials.
Mitigation

Phase: Implementation

Description:

  • Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.

CAPEC-474: Signature Spoofing by Key Theft

An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-50: Password Recovery Exploitation

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.

CAPEC-509: Kerberoasting

Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.

CAPEC-551: Modify Existing Service

When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.

CAPEC-555: Remote Services with Stolen Credentials

This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.

CAPEC-560: Use of Known Domain Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.

CAPEC-561: Windows Admin Shares with Stolen Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.

CAPEC-600: Credential Stuffing

An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.

CAPEC-644: Use of Captured Hashes (Pass The Hash)

An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.

CAPEC-645: Use of Captured Tickets (Pass The Ticket)

An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.

CAPEC-652: Use of Known Kerberos Credentials

An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.

CAPEC-653: Use of Known Operating System Credentials

An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.

Back to CWE stats page