Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (882)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-42016 1Ibm 1Sterling B2b Integrator Nov 21, 2024 Feb 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie value...Show more IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.Show less
CVE-2023-32328 1Ibm 1Security Verify Access Nov 3, 2025 Feb 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.
CVE-2023-40544 1Westermo 1L206 F2g Firmware Nov 21, 2024 Feb 6, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.
CVE-2023-50962 1Ibm 1Powersc Nov 21, 2024 Feb 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
CVE-2023-46889 1Meross 1Msh30q Firmware Jun 17, 2025 Jan 23, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the In...Show more Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.Show less
CVE-2023-42144 1Shelly 1Trv Firmware Jun 20, 2025 Jan 23, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password.
CVE-2023-46447 1Popsdiabetes 1Rebel Jun 20, 2025 Jan 20, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
CVE-2023-50614 1Cdebyte 1E880 Ir01 Firmware Jun 2, 2025 Jan 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.
CVE-2023-51741 1Skyworthdigital 1Cm5100 Firmware Nov 21, 2024 Jan 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping o...Show more This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.Show less
CVE-2023-51740 1Skyworthdigital 1Cm5100 Firmware Nov 21, 2024 Jan 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping o...Show more This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system.Show less
CVE-2024-0056 1Microsoft 6.net .net FrameworkMicrosoft.data.sqlclient+3 more Nov 21, 2024 Jan 9, 2024 N/A· v4 8.7 HIGH· v3 N/A· v2 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2023-6094 1Moxa 1Oncell G3150a Lte Firmware Nov 21, 2024 Dec 31, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping...Show more A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. Show less
CVE-2023-31300 1Sesami 1Cash Point & Transport Optimizer Apr 17, 2025 Dec 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Pass...Show more An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature.Show less
CVE-2023-34829 1Tp Link 1Tapo Apr 17, 2025 Dec 28, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
CVE-2023-28616 1Stormshield 1Stormshield Network Security Nov 21, 2024 Dec 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character...Show more An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.Show less
CVE-2023-51390 1Aiven 1Journalpump Nov 21, 2024 Dec 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to t...Show more journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.Show less
CVE-2023-50703 1Efacec 1Uc 500e Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.
CVE-2023-39172 1Enbw 1Senec Storage Box Firmware Nov 4, 2025 Dec 7, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
CVE-2023-24547 1Arista 1Mos Nov 21, 2024 Dec 6, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as wel...Show more On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. Show less
CVE-2023-42579 1Samsung 1Samsung Keyboard Nov 21, 2024 Dec 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Andro...Show more Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.Show less

Previous 1...141516...45 Next