Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-39026 1Ibm 1Guardium Data Encryption Nov 21, 2024 Feb 18, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi...Show more IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964.Show less
CVE-2022-25180 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password param...Show more Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.Show less
CVE-2022-0162 1Tp Link 1Tl Wr841n Firmware Nov 21, 2024 Feb 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability...Show more The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.Show less
CVE-2021-29397 1Globalnorthstar 1Northstar Club Management Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext o...Show more Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.Show less
CVE-2021-45735 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVE-2021-41835 1Fresenius Kabi 6Agilia Connect Agilia Partner Maintenance SoftwareLink+ Agilia Firmware+3 more Nov 21, 2024 Jan 21, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service...Show more Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service.Show less
CVE-2022-23105 1Jenkins 1Active Directory Nov 21, 2024 Jan 12, 2022 N/A· v4 6.5 MEDIUM· v3 2.9 LOW· v2 Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
CVE-2021-40148 1Mediatek 6L9 Lr11Lr12+3 more Nov 21, 2024 Jan 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed f...Show more In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.Show less
CVE-2021-20175 1Netgear 1R6700 Firmware Nov 21, 2024 Dec 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes...Show more Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartextShow less
CVE-2021-20174 1Netgear 1R6700 Firmware Nov 21, 2024 Dec 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially se...Show more Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.Show less
CVE-2021-20169 1Netgear 1Rax43 Firmware Nov 21, 2024 Dec 30, 2021 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usern...Show more Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.Show less
CVE-2021-20154 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Dec 30, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.
CVE-2021-4161 1Moxa 3Mgate Mb3180 Firmware Mgate Mb3280 FirmwareMgate Mb3480 Firmware Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVE-2021-45100 2Ksmbd Project Netapp 9H300e Firmware H300s FirmwareH410c Firmware+6 more Nov 21, 2024 Dec 16, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag whe...Show more The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.Show less
CVE-2021-44518 1Digipas 1Egeetouch Manager Nov 21, 2024 Dec 2, 2021 N/A· v4 6.8 MEDIUM· v3 2.9 LOW· v2 An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unenc...Show more An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication.Show less
CVE-2021-44480 1Wokkalokka 1Wokka Watch Q50 Firmware Nov 21, 2024 Dec 1, 2021 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 5236...Show more Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.Show less
CVE-2021-37939 1Elastic 1Kibana Nov 21, 2024 Nov 18, 2021 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malic...Show more It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.Show less
CVE-2021-38978 1Ibm 2Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager Nov 21, 2024 Nov 15, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit...Show more IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.Show less
CVE-2021-3792 1Binatoneglobal 21Cn28 Firmware Cn40 FirmwareCn50 Firmware+18 more Nov 21, 2024 Nov 12, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
CVE-2021-40366 1Siemens 1Climatix Pol909 Firmware Nov 21, 2024 Nov 9, 2021 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption....Show more A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.Show less

Previous 1...242526...45 Next