Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (882)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5462 1Broadcom 1Fabric Operating System Feb 23, 2026 Feb 15, 2025 5.3 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed i...Show more If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.Show less
CVE-2025-1060 - - Feb 13, 2025 Feb 13, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.
CVE-2025-0556 1Progress 1Telerik Report Server Feb 20, 2025 Feb 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host p...Show more In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.Show less
CVE-2024-36558 - - Mar 19, 2025 Feb 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.
CVE-2024-43187 1Ibm 2Security Verify Access Security Verify Access Docker Dec 15, 2025 Feb 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2025-23060 1Arubanetworks 1Clearpass Policy Manager Mar 28, 2025 Feb 4, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-m...Show more A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.Show less
CVE-2023-35017 1Ibm 1Security Verify Governance Mar 4, 2025 Jan 29, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
CVE-2025-0784 1Intelbras 1Incontrol Web Aug 20, 2025 Jan 28, 2025 6.3 MEDIUM· v4 5.9 MEDIUM· v3 2.6 LOW· v2 A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulati...Show more A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2025-0631 - - Jan 28, 2025 Jan 28, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.
CVE-2025-0432 - - Jan 28, 2025 Jan 28, 2025 6.9 MEDIUM· v4 5.7 MEDIUM· v3 N/A· v2 EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
CVE-2024-28786 1Ibm 1Qradar Security Information And Event Manager Jul 25, 2025 Jan 28, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
CVE-2024-41757 1Ibm 1Concert Sep 29, 2025 Jan 24, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to...Show more IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.Show less
CVE-2024-26155 1Etictelecom 1Remote Access Server Firmware Jul 30, 2025 Jan 17, 2025 6.1 MEDIUM· v4 8.6 HIGH· v3 N/A· v2 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be...Show more All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.Show less
CVE-2024-48121 - - Feb 3, 2025 Jan 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack.
CVE-2024-45102 - - Jan 14, 2025 Jan 14, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC...Show more A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.Show less
CVE-2024-42181 1Hcltech 1Dryice Myxalytics May 16, 2025 Jan 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by...Show more HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Show less
CVE-2024-46505 - - Jan 23, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2024-11946 1Ixsystems 1Truenas Firmware Aug 18, 2025 Dec 30, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected in...Show more iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.Show less
CVE-2021-39081 1Ibm 1Cognos Analytics Mobile Jul 29, 2025 Dec 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-10973 - - Dec 17, 2024 Dec 17, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has acc...Show more A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.Show less

Previous 1...91011...45 Next