cleartext software vulnerabilities
vulnerabilities.aspcode.net
Searching cleartext software vulnerabilities
Hummingbird Exceed 6.0.1.0 inadvertently includ
Hummingbird
|
Exceed
|
Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.
RealSystem G2 server stores the administrator p
world-readable
|
administrator
|
configuration
|
RealSystem
|
privileges
|
cleartext
|
password
|
allows
|
stores
|
server
|
users
|
local
|
which
|
gain
|
file
|
RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.
Triactive Remote Manager with Basic authenticat
authentication
|
privileges
|
cleartext
|
Triactive
|
username
|
password
|
registry
|
Manager
|
enabled
|
stores
|
Remote
|
local
|
users
|
Basic
|
allow
|
which
|
could
|
keys
|
gain
|
Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges.
genkey utility in Alibaba 2.0 generates RSA key
transactions
|
generates
|
cleartext
|
exponent
|
results
|
Alibaba
|
utility
|
genkey
|
which
|
pairs
|
sent
|
RSA
|
key
|
genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext.
Eastman Work Management 3.21 stores passwords i
Management
|
Eastman
|
Work
|
Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges.
Netopia Timbuktu Pro sends user IDs and passwor
passwords
|
cleartext
|
attackers
|
Timbuktu
|
sniffing
|
Netopia
|
allows
|
obtain
|
remote
|
sends
|
which
|
them
|
user
|
Pro
|
via
|
IDs
|
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
ZoneAlarm sends sensitive system and network in
information
|
cleartext
|
sensitive
|
ZoneAlarm
|
requests
|
network
|
server
|
system
|
sends
|
event
|
more
|
Zone
|
Labs
|
user
|
ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.
vqSoft vqServer stores sensitive information su
information
|
privileges
|
passwords
|
cleartext
|
attackers
|
servercfg
|
sensitive
|
vqServer
|
allows
|
vqSoft
|
stores
|
which
|
such
|
gain
|
file
|
vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
Blackboard CourseInfo 4.0 stores the local and
administrator
|
CourseInfo
|
Blackboard
|
passwords
|
cleartext
|
registry
|
control
|
stores
|
allows
|
access
|
whose
|
names
|
local
|
users
|
user
|
SQL
|
key
|
Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
REDIPlus program, REDI.exe, stores passwords an
StartLogtxt
|
cleartext
|
passwords
|
accounts
|
REDIPlus
|
REDIexe
|
program
|
allows
|
access
|
stores
|
local
|
other
|
users
|
names
|
which
|
user
|
file
|
gain
|
log
|
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
IBM Websphere Application Server 3.5.3 and earl
Application
|
Websphere
|
Server
|
IBM
|
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
easyNews 1.5 and earlier stores adminstration p
adminstration
|
settingsphp
|
passwords
|
cleartext
|
easyNews
|
earlier
|
allows
|
obtain
|
stores
|
access
|
users
|
which
|
local
|
gain
|
easyNews 1.5 and earlier stores adminstration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
Yahoo! Messenger 4.0 sends user passwords in cl
privileges
|
passwords
|
cleartext
|
attackers
|
Messenger
|
sniffing
|
remote
|
users
|
other
|
which
|
sends
|
Yahoo
|
could
|
allow
|
gain
|
user
|
via
|
Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
Greymatter 1.21c and earlier with the Bookmarkl
gmrightclick-*reg
|
administrative
|
administrator
|
Bookmarklet
|
Greymatter
|
privileges
|
retrieving
|
attackers
|
cleartext
|
performs
|
contains
|
guessing
|
password
|
enabled
|
feature
|
earlier
|
"Clear
|
remote
|
server
|
before
|
action
|
allows
|
which
|
Exit"
|
121c
|
read
|
file
|
name
|
gain
|
then
|
web
|
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
The Network Attached Storage (NAS) Administrati
Attached
|
Storage
|
Network
|
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
IMail stores usernames and passwords in clearte
information
|
cleartext
|
attackers
|
sensitive
|
usernames
|
passwords
|
remote
|
obtain
|
stores
|
cookie
|
allows
|
IMail
|
which
|
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
Capturix ScanShare 1.06 build 50 stores sensiti
ScanShare
|
Capturix
|
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
Avaya VPNRemote before 4.2.33 stores credential
VPNRemote
|
before
|
Avaya
|
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
BEA WebLogic Server and WebLogic Express 8.1 SP
WebLogic
|
Express
|
earlier
|
Server
|
BEA
|
SP3
|
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
JIWA Financials 6.4.14 stores usernames and pas
Financials
|
JIWA
|
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
Software vulnerabilities results 1 to 20 of 130
Page:
1
2
3
4
5
...
7
►