Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (880)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16067 1Netsas 1Enigma Network Management Solution Nov 21, 2024 Mar 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to...Show more NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.Show less
CVE-2019-12122 1Onap 1Open Network Automation Platform Nov 21, 2024 Mar 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal s...Show more An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.Show less
CVE-2019-13394 1Netgear 1Cg3700b Firmware Nov 21, 2024 Mar 13, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.
CVE-2020-0884 1Microsoft 2Visual Studio 2017 Visual Studio 2019 Nov 21, 2024 Mar 12, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.
CVE-2019-5107 1Wago 1E!cockpit Nov 21, 2024 Mar 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data...Show more A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.Show less
CVE-2019-9101 1Moxa 6Mb3170 Firmware Mb3180 FirmwareMb3270 Firmware+3 more Nov 21, 2024 Mar 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server...Show more An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.Show less
CVE-2020-10376 1Technicolor 1Tc7337net Firmware Nov 21, 2024 Mar 11, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
CVE-2020-6198 1Sap 1Solution Manager Nov 21, 2024 Mar 10, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check...Show more SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.Show less
CVE-2020-2157 1Jenkins 1Skytap Cloud Ci Nov 21, 2024 Mar 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2020-2156 1Jenkins 1Deployhub Nov 21, 2024 Mar 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2020-2155 1Jenkins 1Openshift Deployer Nov 21, 2024 Mar 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2153 1Jenkins 1Backlog Nov 21, 2024 Mar 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2020-2151 1Jenkins 1Quality Gates Nov 21, 2024 Mar 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2150 1Jenkins 1Sonar Quality Gates Nov 21, 2024 Mar 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2149 1Jenkins 1Repository Connector Nov 21, 2024 Mar 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2143 1Jenkins 1Logstash Nov 21, 2024 Mar 9, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-9550 1Rubetek 1Smarthome Firmware Nov 21, 2024 Mar 4, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely.
CVE-2020-9477 1Humaxdigital 1Hga12r 02 Firmware Nov 21, 2024 Mar 4, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the ti...Show more An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device.Show less
CVE-2020-3841 1Apple 3Ipados Iphone OsSafari Nov 21, 2024 Feb 27, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network.
CVE-2020-7907 1Jetbrains 1Scala Nov 21, 2024 Feb 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.

Previous 1...333435...44 Next