CWE-319

879 CVEs • Abstraction: Base • Likelihood of Exploit: High

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (879)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Infinitestudio
1Infinite Design
Nov 21, 2024
Oct 15, 2019
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
1Cobham
1Explorer 710 Firmware
Nov 21, 2024
Oct 10, 2019
N/A· v4
7.8 HIGH· v3
2.1 LOW· v2
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
1Juniper
1Junos
Nov 21, 2024
Oct 9, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 
18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series.
1Renpho
1Renpho
Nov 21, 2024
Oct 9, 2019
N/A· v4
6.8 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).
1Vzug
1Combi Stream Mslq Firmware
Nov 21, 2024
Oct 6, 2019
N/A· v4
9.1 CRITICAL· v3
5.0 MEDIUM· v2
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
1Jetbrains
1Toolbox
Nov 21, 2024
Oct 2, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
1Apache
1Mina
Nov 21, 2024
Oct 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
1Jetbrains
1Intellij Idea
Nov 21, 2024
Oct 1, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
1Jenkins
1Sourcegear Vault
Nov 21, 2024
Oct 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
1Jenkins
1Ldap Email
Nov 21, 2024
Oct 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
1Ibm
1Sterling File Gateway
Nov 21, 2024
Sep 30, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.
1Nuvending
1Nulock
Nov 21, 2024
Sep 27, 2019
N/A· v4
8.8 HIGH· v3
3.3 LOW· v2
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.
1Mozilla
1Thunderbird
Nov 21, 2024
Sep 27, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.
1F5
1Big Iq Centralized Management
Nov 21, 2024
Sep 25, 2019
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).
1Jenkins
1Aqua Security Scanner
Nov 21, 2024
Sep 25, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
1Jenkins
1Aqua Microscanner
Nov 21, 2024
Sep 25, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
1Jenkins
1Inedo Proget
Nov 21, 2024
Sep 25, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
1Jenkins
1Inedo Buildmaster
Nov 21, 2024
Sep 25, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
1Netapp
1Ontap Select Deploy Administration Utility
Nov 21, 2024
Sep 24, 2019
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
1Grafana
1Grafana
Nov 21, 2024
Sep 23, 2019
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.