CVE-2024-39846

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-312
View all →

Vulnerability Description

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.

Related Vulnerabilities

CVE-2023-46294

LOW
CVSS:3.4(Low)

An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root p...

CWE-3122023

CVE-2024-51993

LOW
CVSS:3.4(Low)

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3....

CWE-3122024

CVE-2010-3282

LOW
CVSS:3.3(Low)

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw)...

CWE-3122010

CVE-2019-10433

LOW
CVSS:3.3(Low)

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file s...

CWE-3122019

CVE-2019-10450

LOW
CVSS:3.3(Low)

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019

CVE-2019-4687

LOW
CVSS:3.7(Low)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server l...

CWE-3122019