Skip to main content

CWE-256

Plaintext Storage of a Password

175 CVEs Avg CVSS 6.5 MITRE
23
CRITICAL
43
HIGH
98
MEDIUM
11
LOW
17
POC
0
KEV

Monthly

CVE-2026-14867 MEDIUM PATCH This Month

Insecure credential storage in PcVue exposes built-in user account passwords to any local attacker with low-privileged filesystem access, across all versions prior to 17.0.0. The credentials are stored unprotected in the project's User directory, recoverable without elevated OS privileges. No public exploit code has been identified at time of analysis, but in OT/SCADA environments where PcVue is deployed, recovered credentials could enable unauthorized control of industrial processes.

Information Disclosure Pcvue
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-55164 PyPI MEDIUM PATCH GHSA This Month

Cleartext password storage in Netflix Lemur's user-update service path allows any attacker who gains read access to the Lemur database, its backups, query logs, or read replicas to obtain directly usable plaintext credentials - no offline cracking required. The flaw affects all Lemur deployments running pip/lemur <= 1.9.1 and is triggered exclusively when an administrator resets a user password through the admin-gated PUT /api/1/users/<id> API endpoint. No public exploit is required: the advisory itself contains precise reproduction steps, and the side effect (immediate login failure for affected users) makes the exposure operationally detectable. No KEV listing exists at time of analysis.

Authentication Bypass Hashicorp Python
NVD GitHub
CVSS 3.1
4.9
CVE-2026-57302 MEDIUM This Month

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Jenkins Information Disclosure Jenkins Fitnesse Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-46488 PyPI CRITICAL PATCH GHSA Act Now

Authentication bypass in motionEye versions prior to 0.44.0 allows remote attackers to impersonate any user, including the administrator, by setting the client-controlled cookies meye_password_hash and meye_username without ever knowing the plaintext password. The server treats these attacker-controlled values as sufficient authentication material, and because the admin hash is stored in a world-readable file (/etc/motioneye/motion.conf), any local shell user can trivially escalate to admin via the web UI. Publicly available exploit code exists in the GitHub Security Advisory GHSA-r3cw-c95m-wfh9, but there is no public exploit identified beyond the PoC and the issue is not in CISA KEV.

Authentication Bypass
NVD GitHub
CVE-2026-50268 NuGet LOW PATCH GHSA Monitor

Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0 silently downgrades RSA encryption from OAEP to PKCS#1 v1.5 when operators explicitly configure `encrypt:rsa:algorithm=OAEP`. The root cause is an incorrect BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` - the `OAEP` branch passed `"RSA/ECB/PKCS1"` to `CipherUtilities.GetCipher()` instead of the correct `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`, meaning both the `OAEP` and `DEFAULT` settings silently selected the same weaker algorithm. No public exploit is identified at time of analysis, and CVSS scores this at 1.9 (Low) given the high-privilege local attack vector; however, the security consequence is a cryptographic guarantee failure that exposes encrypted configuration secrets to Bleichenbacher-class padding oracle attacks that OAEP was chosen to prevent.

Information Disclosure Steeltoe Configuration Encryption
NVD GitHub
CVSS 3.1
1.9
EPSS
0.0%
CVE-2024-39575 HIGH PATCH This Week

update_disk_psu_baseline.sh requires password in plain text. Rated high severity (CVSS 7.4).

Information Disclosure Dell Emc Vxrail Appliance
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-45636 MEDIUM PATCH This Month

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Qradar Edr
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-36174 MEDIUM This Month

Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2018-25396 HIGH POC This Week

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6500 MEDIUM This Month

ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.

Information Disclosure Openconcerto
NVD
CVSS 4.0
4.8
EPSS
0.0%
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Insecure credential storage in PcVue exposes built-in user account passwords to any local attacker with low-privileged filesystem access, across all versions prior to 17.0.0. The credentials are stored unprotected in the project's User directory, recoverable without elevated OS privileges. No public exploit code has been identified at time of analysis, but in OT/SCADA environments where PcVue is deployed, recovered credentials could enable unauthorized control of industrial processes.

Information Disclosure Pcvue
NVD VulDB
CVSS 4.9
MEDIUM PATCH This Month

Cleartext password storage in Netflix Lemur's user-update service path allows any attacker who gains read access to the Lemur database, its backups, query logs, or read replicas to obtain directly usable plaintext credentials - no offline cracking required. The flaw affects all Lemur deployments running pip/lemur <= 1.9.1 and is triggered exclusively when an administrator resets a user password through the admin-gated PUT /api/1/users/<id> API endpoint. No public exploit is required: the advisory itself contains precise reproduction steps, and the side effect (immediate login failure for affected users) makes the exposure operationally detectable. No KEV listing exists at time of analysis.

Authentication Bypass Hashicorp Python
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Jenkins Information Disclosure Jenkins Fitnesse Plugin
NVD VulDB
CRITICAL PATCH Act Now

Authentication bypass in motionEye versions prior to 0.44.0 allows remote attackers to impersonate any user, including the administrator, by setting the client-controlled cookies meye_password_hash and meye_username without ever knowing the plaintext password. The server treats these attacker-controlled values as sufficient authentication material, and because the admin hash is stored in a world-readable file (/etc/motioneye/motion.conf), any local shell user can trivially escalate to admin via the web UI. Publicly available exploit code exists in the GitHub Security Advisory GHSA-r3cw-c95m-wfh9, but there is no public exploit identified beyond the PoC and the issue is not in CISA KEV.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0 silently downgrades RSA encryption from OAEP to PKCS#1 v1.5 when operators explicitly configure `encrypt:rsa:algorithm=OAEP`. The root cause is an incorrect BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` - the `OAEP` branch passed `"RSA/ECB/PKCS1"` to `CipherUtilities.GetCipher()` instead of the correct `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`, meaning both the `OAEP` and `DEFAULT` settings silently selected the same weaker algorithm. No public exploit is identified at time of analysis, and CVSS scores this at 1.9 (Low) given the high-privilege local attack vector; however, the security consequence is a cryptographic guarantee failure that exposes encrypted configuration secrets to Bleichenbacher-class padding oracle attacks that OAEP was chosen to prevent.

Information Disclosure Steeltoe Configuration Encryption
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

update_disk_psu_baseline.sh requires password in plain text. Rated high severity (CVSS 7.4).

Information Disclosure Dell Emc Vxrail Appliance
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Qradar Edr
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
EPSS 0% CVSS 4.8
MEDIUM This Month

ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.

Information Disclosure Openconcerto
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy