CVEbaza.plCWE DictionaryCWE-256
Common Weakness Enumeration

CWE-256

Plaintext Storage of a Password

Category: BaseCVE: 210
Description

The product stores a password in plaintext within resources such as memory or files.

CVE vulnerabilities with CWE-256 (210)
10.0
CVSS
CRITICAL
CVE-2020-6961

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

pub. 2020-01-24
9.8
CVSS
CRITICAL
CVE-2024-55026

An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.

pub. 2026-03-03
9.8
CVSS
CRITICAL
CVE-2025-6561

Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

pub. 2025-06-26
9.8
CVSS
CRITICAL
CVE-2025-27656

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

pub. 2025-03-05
9.8
CVSS
CRITICAL
CVE-2025-27662

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.

pub. 2025-03-05
9.8
CVSS
CRITICAL
CVE-2024-5960

Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.

pub. 2024-09-18
9.8
CVSS
CRITICAL
CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.

pub. 2024-06-14
9.8
CVSS
CRITICAL
CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

pub. 2024-05-19
9.8
CVSS
CRITICAL
CVE-2024-23486

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.

pub. 2024-04-15
9.8
CVSS
CRITICAL
CVE-2017-16714

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

pub. 2018-09-06
9.8
CVSS
CRITICAL
CVE-2018-8851

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

pub. 2018-07-24
9.8
CVSS
CRITICAL
CVE-2018-7510

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.

pub. 2018-06-06
9.8
CVSS
CRITICAL
CVE-2017-7913

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.

pub. 2017-05-29
9.4
CVSS
CRITICAL
CVE-2025-34210

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."

pub. 2025-10-02
9.3
CVSS
CRITICAL
CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

pub. 2026-04-17
9.3
CVSS
CRITICAL
CVE-2025-15113

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

pub. 2025-12-30
9.3
CVSS
CRITICAL
CVE-2025-6560

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.  The affected models are out of support; replacing the device is recommended.

pub. 2025-06-24
9.3
CVSS
CRITICAL
CVE-2025-5893

Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.

pub. 2025-06-09
9.3
CVSS
CRITICAL
CVE-2024-6118

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.

pub. 2024-08-05
9.2
CVSS
CRITICAL
CVE-2026-35556

OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.

pub. 2026-04-09
Showing 20 of 210 vulnerabilities
Information
ID: CWE-256
Type: Base
Vulnerabilities: 210
MITRE CWE ↗
← CWE Dictionary
CWE-256 — Plaintext Storage of a Password | CWE Dictionary | CVEbaza.pl