Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19944 1Qnap 1Qts Nov 21, 2024 Dec 31, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP hav...Show more A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)Show less
CVE-2020-11718 1Bilanc 1Bilanc Nov 21, 2024 Dec 23, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.
CVE-2020-35584 1Mersive 1Solstice Pod Firmware Nov 21, 2024 Dec 23, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could r...Show more In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.Show less
CVE-2020-25190 1Moxa 1Nport Iaw5000a I/o Firmware Nov 21, 2024 Dec 23, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
CVE-2020-13528 1Lantronix 1Xport Edge Firmware Nov 21, 2024 Dec 18, 2020 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause informati...Show more An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.Show less
CVE-2020-14248 1Hcltech 1Bigfix Platform Nov 21, 2024 Dec 16, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cooki...Show more BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.Show less
CVE-2020-27586 1Quickheal 1Total Security Nov 21, 2024 Nov 30, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
CVE-2020-29380 1Vsolcn 5V1600d Mini Firmware V1600d4l FirmwareV1600d Firmware+2 more Nov 21, 2024 Nov 29, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always availa...Show more An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.Show less
CVE-2020-29055 1Cdatatec 2872408a Firmware 9008a Firmware9016a Firmware+25 more Nov 21, 2024 Nov 24, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S...Show more An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.Show less
CVE-2020-25988 1Genexis 1Platinum 4410 Firmware Nov 21, 2024 Nov 17, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
CVE-2020-27554 1Basetech 1Ge 131 Bt 1837836 Firmware Nov 21, 2024 Nov 17, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
CVE-2020-25155 1Nexcom 1Nio 50 Firmware Nov 21, 2024 Nov 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).
CVE-2020-5426 1Vmware 1Pivotal Scheduler Nov 21, 2024 Nov 11, 2020 N/A· v4 9.8 CRITICAL· v3 4.3 MEDIUM· v2 Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cac...Show more Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.Show less
CVE-2020-27657 1Synology 1Router Manager Nov 21, 2024 Oct 29, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecifi...Show more Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.Show less
CVE-2020-27656 1Synology 1Diskstation Manager Jan 14, 2025 Oct 29, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via u...Show more Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.Show less
CVE-2020-7744 1Mintegral 1Mintegraladsdk Nov 21, 2024 Oct 15, 2020 N/A· v4 4.7 MEDIUM· v3 4.3 MEDIUM· v2 This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google a...Show more This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background).Show less
CVE-2020-25645 5Canonical DebianLinux+2 more 7Debian Linux Hci Compute Node BiosLeap+4 more Nov 21, 2024 Oct 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel all...Show more A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.Show less
CVE-2020-1902 1Whatsapp 2Whatsapp Whatsapp Business Nov 21, 2024 Oct 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over p...Show more A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.Show less
CVE-2020-25748 1Rubetek 3Rv 3406 Firmware Rv 3409 FirmwareRv 3411 Firmware Nov 21, 2024 Sep 25, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is trans...Show more A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.Show less
CVE-2020-15785 1Siemens 1Siveillance Video Client Nov 21, 2024 Sep 9, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext....Show more A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks.Show less

Previous 1...293031...45 Next