CWE-261 · Weak Encoding for Password
36 CVEs classified under CWE-261 (Weak Encoding for Password). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-10275 | Critical | 9.8 | 2020-06-24 | The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD… |
CVE-2017-7905 | Critical | 9.8 | 2017-06-30 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.4… |
CVE-2024-45394 | High | 8.8 | 2024-09-03 | Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypt… |
CVE-2021-21507 | High | 8.8 | 2021-04-30 | Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Pa… |
CVE-2024-45273 | High | 8.4 | 2024-10-15 | An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. |
CVE-2024-8455 | High | 8.1 | 2024-09-30 | The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communicat… |
CVE-2022-45099 | High | 7.8 | 2023-02-01 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit… |
CVE-2023-0525 | High | 7.5 | 2023-08-03 | Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.0… |
CVE-2022-38469 | High | 7.5 | 2023-01-17 | An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. |
CVE-2024-0556 | High | 7.1 | 2024-01-16 | A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the tra… |
CVE-2023-43776 | Medium | 6.8 | 2023-10-17 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the… |
CVE-2025-26401 | Medium | 6.5 | 2025-04-04 | Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by… |
CVE-2025-67652 | Medium | 6.1 | 2026-01-22 | An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to syste… |
CVE-2022-34445 | Medium | 6.0 | 2023-02-10 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this… |
CVE-2020-10919 | Medium | 5.9 | 2020-07-23 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen pan… |
CVE-2024-34542 | Medium | 5.7 | 2024-09-27 | Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. |
CVE-2024-37187 | Medium | 5.7 | 2024-09-27 | Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. |
CVE-2024-23492 | Medium | 5.7 | 2024-03-01 | A weak encoding is used to transmit credentials for WS203VICM. |
CVE-2023-7237 | Medium | 5.7 | 2024-01-23 | Lantronix XPort sends weakly encoded credentials within web request headers. |
CVE-2023-0356 | Medium | 5.7 | 2023-01-24 | SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining… |