Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25070 1Seiko Sol 2Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware Jan 28, 2025 May 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the admini...Show more Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.Show less
CVE-2023-32290 1Vk.company 1Mymail Jan 29, 2025 May 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.
CVE-2023-29681 1Tenda 1N301 Firmware Jan 30, 2025 May 1, 2023 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
CVE-2023-29680 1Tenda 1N301 Firmware Jan 30, 2025 May 1, 2023 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
CVE-2023-25437 1Vtech 1Vcs754a Firmware Jan 31, 2025 Apr 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.
CVE-2023-30841 1Linuxfoundation 1Baremetal Operator Nov 21, 2024 Apr 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.h...Show more Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241.Show less
CVE-2023-1831 1Mattermost 1Mattermost Server Nov 21, 2024 Apr 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings sect...Show more Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config). Show less
CVE-2019-14942 1Gitlab 1Gitlab Feb 6, 2025 Apr 16, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
CVE-2023-30515 1Jenkins 1Thycotic Devops Secrets Vault Feb 7, 2025 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-30514 1Jenkins 1Azure Key Vault Feb 7, 2025 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-30513 1Jenkins 1Kubernetes Feb 7, 2025 Apr 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-1802 1Docker 1Desktop Nov 21, 2024 Apr 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensiti...Show more In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. Show less
CVE-2023-0922 1Samba 1Samba Feb 13, 2025 Apr 3, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
CVE-2023-1656 1Forgerock 1Ldap Connector Apr 14, 2025 Mar 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This i...Show more Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.Show less
CVE-2023-27927 1Sauter Controls 1Ey As525f001 Firmware Jan 17, 2025 Mar 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks...Show more An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.Show less
CVE-2022-38458 1Netgear 1Rbs750 Firmware Nov 21, 2024 Mar 21, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
CVE-2023-0053 1Sauter Controls 6Bacnetstac Modunet300 Ey Am300f001 FirmwareModunet300 Ey Am300f002 Firmware+3 more Nov 21, 2024 Mar 2, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated throu...Show more SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. Show less
CVE-2022-32906 1Apple 1Music Mar 11, 2025 Feb 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections.
CVE-2023-23915 3Haxx NetappSplunk 8Active Iq Unified Manager Clustered Data OntapCurl+5 more Feb 13, 2026 Feb 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl...Show more A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then not get upgraded properly to HSTS.Show less
CVE-2023-23914 3Haxx NetappSplunk 8Active Iq Unified Manager Clustered Data OntapCurl+5 more Mar 12, 2025 Feb 23, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed t...Show more A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.Show less

Previous 1...181920...45 Next