Skip to main content

CWE-257

Storing Passwords in a Recoverable Format

53 CVEs Avg CVSS 6.3 MITRE
2
CRITICAL
19
HIGH
26
MEDIUM
4
LOW
5
POC
1
KEV

Monthly

CVE-2026-1836 MEDIUM PATCH This Month

Credential exposure in Redmine allows any local attacker with access to a previously-used browser session to recover plaintext login credentials stored by the application after form submission. The flaw (CWE-257) affects all tracked Redmine versions per NVD CPE data and represents a classic insecure credential storage issue. No public exploit has been identified at time of analysis, and exploitation is constrained to local attack vectors requiring prior user interaction.

Information Disclosure Redmine
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-22574 MEDIUM This Month

Fortinet FortiSOAR stores LDAP service account passwords in a recoverable format, allowing authenticated high-privilege remote attackers to retrieve plaintext or weakly protected credentials by modifying the LDAP server address in configuration. This affects FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4. The vulnerability requires high-level administrative authentication and poses a confidentiality risk to stored credentials, with no evidence of active exploitation or public exploit code at time of analysis.

Fortinet Information Disclosure
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-22576 MEDIUM This Month

Fortinet FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4 store connector passwords in a recoverable format, allowing authenticated remote attackers to retrieve plaintext or weakly encrypted credentials for multiple installed connectors by modifying the server address in connector configuration. This affects security orchestration workflows that depend on connector authentication for external integrations.

Fortinet Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8095 CRITICAL Act Now

Progress OpenEdge 12.2.0-12.2.18 and 12.8.0-12.8.9 expose stored passwords and secrets to decryption through cryptographically weak OECH1 prefix encoding. Remote unauthenticated attackers can exploit this weakness to recover obfuscated credentials and sensitive data (CVSS 9.1, VC:H/VI:H). No public exploit identified at time of analysis, but the vulnerability is automatable with total technical impact per SSVC framework, making credential harvesting straightforward once encoding is accessed.

Information Disclosure Openedge
NVD
CVSS 4.0
9.1
EPSS
0.0%
CVE-2016-15058 HIGH This Week

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Hilcos Classic Platform
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-22614 MEDIUM This Month

Eaton EasySoft project files use weak encryption vulnerable to brute force attacks, allowing local attackers with file access to extract sensitive information and modify project configurations. An authenticated user on the affected system can exploit this weakness to compromise confidentiality and integrity of stored data. No patch is currently available for this vulnerability.

Information Disclosure Easysoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30785 HIGH This Week

RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.

Information Disclosure Microsoft Apple Windows macOS
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-20128 HIGH POC KEV THREAT Act Now

Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. High-privileged initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but scope change (S:C) enables lateral movement to other SD-WAN systems.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
Threat
4.5
CVE-2025-57796 MEDIUM This Month

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]

Information Disclosure Blue
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-14295 Monitor

from 6.0 versions up to 9.0 contains a vulnerability that allows attackers to access stored passwords in a recoverable format which makes them subject to pass.

Windows
NVD
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Credential exposure in Redmine allows any local attacker with access to a previously-used browser session to recover plaintext login credentials stored by the application after form submission. The flaw (CWE-257) affects all tracked Redmine versions per NVD CPE data and represents a classic insecure credential storage issue. No public exploit has been identified at time of analysis, and exploitation is constrained to local attack vectors requiring prior user interaction.

Information Disclosure Redmine
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Fortinet FortiSOAR stores LDAP service account passwords in a recoverable format, allowing authenticated high-privilege remote attackers to retrieve plaintext or weakly protected credentials by modifying the LDAP server address in configuration. This affects FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4. The vulnerability requires high-level administrative authentication and poses a confidentiality risk to stored credentials, with no evidence of active exploitation or public exploit code at time of analysis.

Fortinet Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Fortinet FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4 store connector passwords in a recoverable format, allowing authenticated remote attackers to retrieve plaintext or weakly encrypted credentials for multiple installed connectors by modifying the server address in connector configuration. This affects security orchestration workflows that depend on connector authentication for external integrations.

Fortinet Information Disclosure
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Progress OpenEdge 12.2.0-12.2.18 and 12.8.0-12.8.9 expose stored passwords and secrets to decryption through cryptographically weak OECH1 prefix encoding. Remote unauthenticated attackers can exploit this weakness to recover obfuscated credentials and sensitive data (CVSS 9.1, VC:H/VI:H). No public exploit identified at time of analysis, but the vulnerability is automatable with total technical impact per SSVC framework, making credential harvesting straightforward once encoding is accessed.

Information Disclosure Openedge
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hirschmann Hilcos Classic Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Eaton EasySoft project files use weak encryption vulnerable to brute force attacks, allowing local attackers with file access to extract sensitive information and modify project configurations. An authenticated user on the affected system can exploit this weakness to compromise confidentiality and integrity of stored data. No patch is currently available for this vulnerability.

Information Disclosure Easysoft
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.

Information Disclosure Microsoft Apple +2
NVD GitHub VulDB
EPSS 0% 4.5 CVSS 7.5
HIGH POC KEV THREAT Act Now

Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. High-privileged initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but scope change (S:C) enables lateral movement to other SD-WAN systems.

Cisco Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]

Information Disclosure Blue
NVD GitHub
EPSS 0%
Monitor

from 6.0 versions up to 9.0 contains a vulnerability that allows attackers to access stored passwords in a recoverable format which makes them subject to pass.

Windows
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy