CWE-255

781 CVEs classified under CWE-255. Browse by severity and year.

Top CVEs for CWE-255
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-0898 | Critical | 10.0 | 2018-03-29 | MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component l… |
| CVE-2020-3140 | Critical | 9.8 | 2020-07-16 | A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthori… |
| CVE-2020-10287 | Critical | 9.8 | 2020-07-15 | The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documente… |
| CVE-2019-7488 | Critical | 9.8 | 2019-12-23 | Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability a… |
| CVE-2018-7820 | Critical | 9.8 | 2019-09-17 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to b… |
| CVE-2019-13560 | Critical | 9.8 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. |
| CVE-2017-8229 | Critical | 9.8 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420… |
| CVE-2017-6900 | Critical | 9.8 | 2019-07-03 | An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When callin… |
| CVE-2017-9385 | Critical | 9.8 | 2019-06-17 | An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows… |
| CVE-2019-7690 | Critical | 9.8 | 2019-05-13 | In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the proce… |
| CVE-2017-6047 | Critical | 9.8 | 2019-04-02 | Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. |
| CVE-2010-5305 | Critical | 9.8 | 2019-03-26 | The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controll… |
| CVE-2014-5433 | Critical | 9.8 | 2019-03-26 | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum I… |
| CVE-2017-17836 | Critical | 9.8 | 2019-01-23 | In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An att… |
| CVE-2015-9278 | Critical | 9.8 | 2019-01-16 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-cha… |
| CVE-2018-15719 | Critical | 9.8 | 2018-12-12 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network w… |
| CVE-2018-15389 | Critical | 9.8 | 2018-10-05 | A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administr… |
| CVE-2016-6554 | Critical | 9.8 | 2018-07-13 | Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of… |
| CVE-2016-6553 | Critical | 9.8 | 2018-07-13 | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attack… |
| CVE-2016-6552 | Critical | 9.8 | 2018-07-13 | Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. |