An administrator could discover another account's credentials.
An authenticated user without user-management permissions could view other users account information.
An authenticated administrator could modify the Created By username for a user account
An authenticated user without user-management permissions could identify other user accounts.
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
An attacker with a network connection could detect credentials in clear text.
An authenticated user without user administrative permissions could change the administrator Account Name.
CWE-798 Use of Hard-coded Credentials
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credent
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credent
A password is exposed locally.
CWE-798: Use of Hard-coded Credentials
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information discl
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
Page 1+ Next →