Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46383 1Loytec 1L Inx Configurator Nov 4, 2025 Nov 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full...Show more LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.Show less
CVE-2023-6248 1Digitalcomtech 1Syrus 4g Iot Telematics Gateway Firmware Nov 21, 2024 Nov 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQT...Show more The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts ) Show less
CVE-2023-43503 1Siemens 1Comos Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP.
CVE-2023-46382 1Loytec 3Linx 212 Firmware Liob 586 FirmwareLvis 3me12 A1 Firmware Nov 4, 2025 Nov 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
CVE-2023-46380 1Loytec 3Linx 212 Firmware Liob 586 FirmwareLvis 3me12 A1 Firmware Nov 4, 2025 Nov 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
CVE-2017-7252 1Botan Project 1Botan Nov 21, 2024 Nov 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
CVE-2023-5035 1Moxa 1Eds G503 Firmware Nov 21, 2024 Nov 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plai...Show more A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. Show less
CVE-2023-45321 1Boschrexroth 3Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 FirmwareCtrlx Hmi Web Panel Wr2115 Firmware Nov 21, 2024 Oct 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a r...Show more The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol.Show less
CVE-2023-33837 1Ibm 1Security Verify Governance Nov 21, 2024 Oct 23, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
CVE-2023-38276 1Ibm 1Cognos Dashboards On Cloud Pak For Data Nov 21, 2024 Oct 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
CVE-2023-38275 1Ibm 1Cognos Dashboards On Cloud Pak For Data Nov 21, 2024 Oct 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.
CVE-2023-41088 1Dexma 1Dexgate Nov 21, 2024 Oct 19, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, c...Show more The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application. Show less
CVE-2023-34441 1Bakerhughes 1Bentley Nevada 3500 System Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the...Show more Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. Show less
CVE-2022-22385 1Ibm 1Security Verify Privilege On Premises Nov 21, 2024 Oct 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.
CVE-2023-5461 1Deltaww 1Wplsoft Nov 21, 2024 Oct 9, 2023 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sen...Show more A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-5100 1Sick 1Apu0200 Firmware Nov 21, 2024 Oct 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.
CVE-2023-23371 1Qnap 1Qvpn Nov 21, 2024 Oct 6, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via un...Show more A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later Show less
CVE-2023-3361 2Opendatahub Redhat 2Open Data Hub Dashboard Openshift Data Science Nov 21, 2024 Oct 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in...Show more A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.Show less
CVE-2022-47892 1Riello Ups 1Netman 204 Firmware Nov 21, 2024 Oct 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
CVE-2023-43125 1F5 2Big Ip Access Policy Manager Big Ip Access Policy Manager Client Nov 21, 2024 Sep 27, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Previous 1...151617...45 Next