Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-29769 1Ibm 1I2 Analyze Nov 21, 2024 Jul 26, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://...Show more IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.Show less
CVE-2021-33900 1Apache 1Directory Studio Nov 21, 2024 Jul 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was notice...Show more While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.Show less
CVE-2020-36423 2Arm Debian 2Debian Linux Mbed Tls Nov 21, 2024 Jul 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
CVE-2020-4980 1Ibm 1Qradar Security Information And Event Manager Nov 21, 2024 Jul 16, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539.
CVE-2020-12730 1Magicsmotion 1Flamingo 2 Firmware Nov 21, 2024 Jul 15, 2021 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
CVE-2021-1896 1Qualcomm 22Aqt1000 Firmware Qca6164 FirmwareQca6174 Firmware+19 more Nov 21, 2024 Jul 13, 2021 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity
CVE-2021-36382 1Devolutions 1Devolutions Server Nov 21, 2024 Jul 12, 2021 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CVE-2021-22380 1Huawei 1Emui Nov 21, 2024 Jun 30, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.
CVE-2021-23846 1Bosch 1B426 Firmware Nov 21, 2024 Jun 18, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5,...Show more When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.Show less
CVE-2021-34825 2Fedoraproject Quassel Irc 2Fedora Quassel Nov 21, 2024 Jun 17, 2021 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVE-2021-32612 1I Doo 1Veryfitpro Nov 21, 2024 Jun 16, 2021 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows informa...Show more The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.Show less
CVE-2021-22325 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.
CVE-2021-23896 1Mcafee 1Database Security Nov 21, 2024 Jun 2, 2021 N/A· v4 4.5 MEDIUM· v3 2.7 LOW· v2 Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insig...Show more Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.Show less
CVE-2021-23018 1F5 1Nginx Controller Nov 21, 2024 Jun 1, 2021 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.
CVE-2021-33408 1Abinitio 1Control>center Nov 21, 2024 May 27, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
CVE-2021-25643 1Couchbase 1Couchbase Server Nov 21, 2024 May 26, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexe...Show more An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.Show less
CVE-2021-27924 1Couchbase 1Couchbase Server Nov 21, 2024 May 19, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an at...Show more An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.Show less
CVE-2021-32456 1Sitel Sa 1Remote Cap/prx Firmware Nov 21, 2024 May 17, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
CVE-2021-20564 1Ibm 1Cloud Pak For Security Nov 21, 2024 May 14, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An...Show more IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235.Show less
CVE-2020-27185 1Moxa 3Nport Ia5150a Firmware Nport Ia5250a FirmwareNport Ia5450a Firmware Nov 21, 2024 May 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration,...Show more Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.Show less

Previous 1...262728...45 Next