Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-312
Total 381 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1877 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2019-10-09 2.1 LOW 7.8 HIGH
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
CVE-2018-1621 1 Ibm 1 Websphere Application Server 2019-10-09 2.1 LOW 6.7 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
CVE-2018-17499 1 Envoy 1 Passport 2019-10-09 2.1 LOW 5.5 MEDIUM
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
CVE-2018-17489 1 Hidglobal 1 Easylobby Solo 2019-10-09 2.1 LOW 5.5 MEDIUM
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
CVE-2018-10871 2 Debian, Fedoraproject 2 Debian Linux, 389 Directory Server 2019-10-09 4.0 MEDIUM 7.2 HIGH
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
CVE-2018-0089 1 Cisco 1 Policy Suite 2019-10-09 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.
CVE-2017-9663 1 Gm 1 Shanghai Onstar 2019-10-09 5.0 MEDIUM 7.5 HIGH
An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory.
CVE-2017-5249 1 Wink 1 Wink 2019-10-09 5.0 MEDIUM 9.8 CRITICAL
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVE-2017-5250 1 Insteon 1 Insteon For Hub 2019-10-09 5.0 MEDIUM 9.8 CRITICAL
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVE-2017-13663 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2019-10-02 5.0 MEDIUM 7.5 HIGH
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
CVE-2017-1309 1 Ibm 1 Infosphere Master Data Management Server 2019-10-02 2.1 LOW 7.8 HIGH
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.
CVE-2018-19279 2 Microsoft, Primx 2 Windows, Zonecentral 2019-10-02 2.1 LOW 4.3 MEDIUM
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2017-14990 2 Debian, Wordpress 2 Debian Linux, Wordpress 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
CVE-2018-8947 1 Laravel Log Viewer Project 1 Laravel Log Viewer 2019-10-02 5.0 MEDIUM 7.5 HIGH
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVE-2018-9065 1 Lenovo 1 Xclarity Administrator 2019-10-02 3.5 LOW 7.5 HIGH
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
CVE-2017-16835 1 Photo\,video Locker-calculator Project 1 Photo\,video Locker-calculator 2019-10-02 5.0 MEDIUM 7.5 HIGH
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
CVE-2018-10812 1 Bitpie 1 Bitcoin Wallet 2019-10-02 1.9 LOW 4.1 MEDIUM
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).
CVE-2017-2723 1 Huawei 1 Files 2019-10-02 2.1 LOW 6.7 MEDIUM
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak.
CVE-2018-11242 1 Makemytrip 1 Makemytrip 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-18641 1 Gitlab 1 Gitlab 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.