Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-6W7R-4V6H-JJQ5

Vulnerability from github – Published: 2022-12-12 18:30 – Updated: 2022-12-15 18:30
VLAI
Details

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.",
  "id": "GHSA-6w7r-4v6h-jjq5",
  "modified": "2022-12-15T18:30:24Z",
  "published": "2022-12-12T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4312"
    },
    {
      "type": "WEB",
      "url": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XPF-79GP-9FC2

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-08T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Marvell QConvergeConsole GUI \u003c= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.",
  "id": "GHSA-6xpf-79gp-9fc2",
  "modified": "2022-05-24T17:38:22Z",
  "published": "2022-05-24T17:38:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5805"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2021-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6XPQ-789W-CRHJ

Vulnerability from github – Published: 2023-06-11 15:30 – Updated: 2024-10-16 12:30
VLAI
Details

The Danfoss AK-EM100 stores login credentials in cleartext.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-11T14:15:09Z",
    "severity": "HIGH"
  },
  "details": "The Danfoss AK-EM100 stores login credentials in cleartext.",
  "id": "GHSA-6xpq-789w-crhj",
  "modified": "2024-10-16T12:30:47Z",
  "published": "2023-06-11T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22584"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/CVE-2023-22584"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2023-00021"
    },
    {
      "type": "WEB",
      "url": "https://divd.nl/cves/CVE-2023-22584"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-723J-VWR2-6865

Vulnerability from github – Published: 2023-03-23 18:30 – Updated: 2023-03-30 21:30
VLAI
Details

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-555"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-23T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.",
  "id": "GHSA-723j-vwr2-6865",
  "modified": "2023-03-30T21:30:23Z",
  "published": "2023-03-23T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20059"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-pe7zAbdR"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72GJ-XRP6-846V

Vulnerability from github – Published: 2025-04-09 09:31 – Updated: 2025-04-09 09:31
VLAI
Details

This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T07:15:41Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in TP-Link Tapo\u00a0H200 V1  IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.",
  "id": "GHSA-72gj-xrp6-846v",
  "modified": "2025-04-09T09:31:24Z",
  "published": "2025-04-09T09:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3442"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-72W4-WJVH-293C

Vulnerability from github – Published: 2025-02-14 00:30 – Updated: 2025-02-14 00:30
VLAI
Details

mySCADA myPRO Manager

stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-13T22:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "mySCADA myPRO Manager\n\n\nstores credentials in cleartext, which could allow an attacker to obtain sensitive information.",
  "id": "GHSA-72w4-wjvh-293c",
  "modified": "2025-02-14T00:30:44Z",
  "published": "2025-02-14T00:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22896"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16"
    },
    {
      "type": "WEB",
      "url": "https://www.myscada.org/contacts"
    },
    {
      "type": "WEB",
      "url": "https://www.myscada.org/downloads/mySCADAPROManager"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-734G-RVC3-RX28

Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-18 00:00
VLAI
Details

** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.",
  "id": "GHSA-734g-rvc3-rx28",
  "modified": "2022-06-18T00:00:23Z",
  "published": "2022-06-08T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29620"
    },
    {
      "type": "WEB",
      "url": "https://whichbuffer.medium.com/filezilla-client-cleartext-storage-of-sensitive-information-in-memory-vulnerability-83958c1e1643"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/ErZl1i7McHk"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/eSlfQQytIq0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73XM-9G5X-69F4

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-20T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "The \"Photo,Video Locker-Calculator\" application 12.0 for Android has android:allowBackup=\"true\" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an \"adb backup \u0027-f smart.calculator.gallerylock\u0027\" command.",
  "id": "GHSA-73xm-9g5x-69f4",
  "modified": "2022-05-13T01:44:13Z",
  "published": "2022-05-13T01:44:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16835"
    },
    {
      "type": "WEB",
      "url": "https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-746G-3GFP-HFHW

Vulnerability from github – Published: 2023-01-26 23:54 – Updated: 2023-12-14 22:26
VLAI
Summary
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Details

Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "devise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-8314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-26T23:54:07Z",
    "nvd_published_at": "2023-12-12T17:15:07Z",
    "severity": "HIGH"
  },
  "details": "Devise version before 3.5.4 uses cookies to implement a \"Remember me\" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.\n",
  "id": "GHSA-746g-3gfp-hfhw",
  "modified": "2023-12-14T22:26:44Z",
  "published": "2023-01-26T23:54:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8314"
    },
    {
      "type": "WEB",
      "url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/heartcombo/devise"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2015-8314.yml"
    },
    {
      "type": "WEB",
      "url": "https://rubysec.com/advisories/CVE-2015-8314"
    },
    {
      "type": "WEB",
      "url": "http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Devise Gem for Ruby Unauthorized Access Using \"Remember Me\" Cookie"
}

GHSA-748V-PXM5-9M8Q

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31
VLAI
Details

Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "LOW"
  },
  "details": "Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox \u003c 106.",
  "id": "GHSA-748v-pxm5-9m8q",
  "modified": "2025-04-15T18:31:34Z",
  "published": "2022-12-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42931"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1780571"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-44"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.