Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (879)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16672 1Weidmueller 40Ie Sw Pl08m 6tx 2sc Firmware Ie Sw Pl08m 6tx 2scs FirmwareIe Sw Pl08m 6tx 2st Firmware+37 more Nov 21, 2024 Dec 6, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
CVE-2015-7542 3Aquamaniac DebianOpensuse 3Debian Linux GwenhywfarLeap Nov 21, 2024 Dec 3, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.
CVE-2019-19316 1Hashicorp 1Terraform Nov 21, 2024 Dec 2, 2019 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
CVE-2012-5562 1Redhat 1Satellite Apr 9, 2026 Dec 2, 2019 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authenticati...Show more A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.Show less
CVE-2019-12503 1Inateck 1Bcst 60 Firmware Nov 21, 2024 Dec 2, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's comput...Show more Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.Show less
CVE-2019-12388 1Anviz 1Anviz Firmware Nov 21, 2024 Dec 2, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.
CVE-2019-19463 1Huami 1Mi Fit Nov 21, 2024 Nov 30, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.
CVE-2019-16545 1Qmetry 1Jenkins Qmetry For Jira Nov 21, 2024 Nov 21, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2012-1257 1Pidgin 1Pidgin Nov 21, 2024 Nov 20, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
CVE-2019-3640 1Mcafee 1Data Loss Prevention Nov 21, 2024 Nov 14, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extensi...Show more Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.Show less
CVE-2010-4177 2Fedoraproject Oracle 2Fedora Mysql Gui Tools Nov 21, 2024 Nov 12, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.
CVE-2019-18852 1Dlink 7Dir 600 B1 Firmware Dir 615 J1 FirmwareDir 645 A1 Firmware+4 more Nov 21, 2024 Nov 11, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1...Show more Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.Show less
CVE-2019-18800 1Rakuten 1Viber Nov 21, 2024 Nov 6, 2019 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victi...Show more Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.Show less
CVE-2019-6846 1Schneider Electric 4Modicon 140cra Firmware Modicon Bmxcra FirmwareModicon M340 Firmware+1 more Nov 21, 2024 Oct 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when usin...Show more A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.Show less
CVE-2019-6845 1Schneider Electric 23Modicon M340 Firmware Modicon M580 FirmwareTsxmcpc002m Firmware+20 more Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information wh...Show more A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.Show less
CVE-2019-18201 1Fujitsu 1Lx390 Firmware Nov 21, 2024 Oct 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.
CVE-2019-18199 1Fujitsu 1Lx390 Firmware Nov 21, 2024 Oct 24, 2019 N/A· v4 6.6 MEDIUM· v3 6.9 MEDIUM· v2 An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay...Show more An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.Show less
CVE-2019-12967 1Themooltipass 1Moolticute Nov 21, 2024 Oct 22, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control.
CVE-2019-17393 1Tomedo 1Server Nov 21, 2024 Oct 18, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it po...Show more The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.Show less
CVE-2019-15626 1Trendmicro 1Deep Security Nov 21, 2024 Oct 17, 2019 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact...Show more The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.Show less

Previous 1...353637...44 Next