CVEbaza.plSłownik CWECWE-555
Common Weakness Enumeration

CWE-555

J2EE Misconfiguration: Plaintext Password in Configuration File

Kategoria: VariantCVE: 2
Opis

Aplikacja J2EE przechowuje hasło w postaci zwykłego tekstu w pliku konfiguracyjnym. Stanowi to poważne zagrożenie bezpieczeństwa, umożliwiające nieautoryzowanym osobom uzyskanie dostępu do wrażliwych zasobów.

Description (EN)

The J2EE application stores a plaintext password in a configuration file.

Podatności CVE z CWE-555 (2)
6.3
CVSS
MEDIUM
CVE-2025-46119

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrator password in a trivially reversible obfuscated form. The same obfuscation method persists in configuration prior to 200.18.7.1.302, allowing anyone who obtains the system configuration to recover the plaintext credentials.

pub. 2025-07-21
4.3
CVSS
MEDIUM
CVE-2023-20059

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.

pub. 2023-03-23
Informacje
ID: CWE-555
Typ: Variant
Podatności: 2
MITRE CWE ↗
← Słownik CWE