CWE-257 · Storing Passwords in a Recoverable Format

64 CVEs classified under CWE-257 (Storing Passwords in a Recoverable Format). Browse by severity and year.

Top CVEs for CWE-257
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-8904 | High | 8.5 | 2025-08-13 | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory… |
| CVE-2025-6996 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2025-6995 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2016-15058 | High | 8.1 | 2026-04-03 | Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure… |
| CVE-2022-34838 | High | 8.1 | 2022-08-24 | Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data p… |
| CVE-2023-31150 | High | 8.0 | 2023-05-10 | A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database syste… |
| CVE-2022-32519 | High | 8.0 | 2023-01-30 | A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network… |
| CVE-2023-21726 | High | 7.8 | 2023-01-10 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability |
| CVE-2022-22251 | High | 7.8 | 2022-10-18 | On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Junip… |
| CVE-2017-9942 | High | 7.8 | 2017-08-08 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated… |
| CVE-2026-20128 | High | 7.5 | 2026-02-25 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user pr… |
| CVE-2025-0280 | High | 7.5 | 2025-09-03 | A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. |
| CVE-2024-1480 | High | 7.5 | 2024-04-19 | Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. |
| CVE-2023-5627 | High | 7.5 | 2023-11-01 | A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implemen… |
| CVE-2021-27485 | High | 7.5 | 2021-06-16 | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to re… |
| CVE-2022-47376 | High | 7.3 | 2023-06-13 | The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the… |
| CVE-2019-3736 | High | 7.2 | 2019-09-27 | Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malic… |
| CVE-2025-57796 | Medium | 6.8 | 2026-01-28 | Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords a… |
| CVE-2024-32932 | Medium | 6.8 | 2024-07-02 | Under certain circumstances the web interface users credentials may be recovered by an authenticated user. |
| CVE-2024-32756 | Medium | 6.8 | 2024-07-02 | Under certain circumstances the Linux users credentials may be recovered by an authenticated user. |