Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the web site.Ĥ 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 moreģ89 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
NEOLOAD 6.9 UPDATE
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.Ī security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.įireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.Ĭisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
NEOLOAD 6.9 SOFTWARE
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
The AD Helper component in WatchGuard Fireware before 5.7 allows remote attackers to discover cleartext passwords via the /domains/list URI.Ħ Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.Ħ Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. Once the backup is older than 24 hours the OAuth tokens are no longer valid.Īn issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. This allows re-identification of devices, especially less common phone models or those in low-density situations.Ī flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data.
NEOLOAD 6.9 APK
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup.
NEOLOAD 6.9 PRO
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.Ĥ Homey, Homey Firmware, Homey Pro and 1 moreĪn issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0.
0 kommentar(er)
