CVEbaza.plSłownik CWECWE-317
Common Weakness Enumeration

CWE-317

Cleartext Storage of Sensitive Information in GUI

Kategoria: VariantCVE: 8
Opis

Produkt przechowuje poufne informacje w postaci niezaszyfrowanego tekstu w interfejsie graficznym użytkownika. Stanowi to zagrożenie bezpieczeństwa, gdyż dane wrażliwe mogą być łatwo dostępne dla nieuprawnionych osób.

Description (EN)

The product stores sensitive information in cleartext within the GUI.

Podatności CVE z CWE-317 (8)
9.3
CVSS
CRITICAL
CVE-2025-14816

Podatność klasy CWE-317 w szeregu produktów Mitsubishi Electric i Iconics Digital Solutions powoduje wyświetlanie poświadczeń do serwera SQL w postaci jawnego tekstu (cleartext) w interfejsie graficznym funkcji Hyper Historian Splitter. Lokalny atakujący może odczytać te dane i uzyskać nieautoryzowany dostęp do bazy danych, co niesie poważne ryzyko dla integralności i dostępności danych przemysłowych.

pub. 2026-04-08
8.6
CVSS
HIGH
CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.

pub. 2026-02-24
8.5
CVSS
HIGH
CVE-2022-29090

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.

pub. 2022-08-10
7.3
CVSS
HIGH
CVE-2022-0354

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

pub. 2022-04-22
7.1
CVSS
HIGH
CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.

pub. 2026-01-26
4.9
CVSS
MEDIUM
CVE-2019-13947

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

pub. 2019-12-12
4.3
CVSS
MEDIUM
CVE-2021-34750

A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability is due to lack of proper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the FMC GUI and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see .

pub. 2024-11-15
4.3
CVSS
MEDIUM
CVE-2021-34751

A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco&nbsp;ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see .&nbsp;

pub. 2024-11-15
Informacje
ID: CWE-317
Typ: Variant
Podatności: 8
MITRE CWE ↗
← Słownik CWE