CWE-257 · Storing Passwords in a Recoverable Format
64 CVEs classified under CWE-257 (Storing Passwords in a Recoverable Format). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-8904 | High | 8.5 | 2025-08-13 | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory… |
| CVE-2025-6996 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2025-6995 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2016-15058 | High | 8.1 | 2026-04-03 | Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure… |
| CVE-2022-34838 | High | 8.1 | 2022-08-24 | Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data p… |
| CVE-2023-31150 | High | 8.0 | 2023-05-10 | A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database syste… |
| CVE-2022-32519 | High | 8.0 | 2023-01-30 | A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network… |
| CVE-2023-21726 | High | 7.8 | 2023-01-10 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability |
| CVE-2022-22251 | High | 7.8 | 2022-10-18 | On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Junip… |
| CVE-2017-9942 | High | 7.8 | 2017-08-08 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated… |
| CVE-2026-20128 | High | 7.5 | 2026-02-25 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user pr… |
| CVE-2025-0280 | High | 7.5 | 2025-09-03 | A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. |
| CVE-2024-1480 | High | 7.5 | 2024-04-19 | Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. |
| CVE-2023-5627 | High | 7.5 | 2023-11-01 | A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implemen… |
| CVE-2021-27485 | High | 7.5 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to re… |
| CVE-2022-47376 | High | 7.3 | 2023-06-13 | The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the… |
| CVE-2019-3736 | High | 7.2 | 2019-09-27 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malic… |
| CVE-2025-57796 | Medium | 6.8 | 2026-01-28 | Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords a… |
| CVE-2024-32932 | Medium | 6.8 | 2024-07-02 | Under certain circumstances the web interface users credentials may be recovered by an authenticated user. |
| CVE-2024-32756 | Medium | 6.8 | 2024-07-02 | Under certain circumstances the Linux users credentials may be recovered by an authenticated user. |