CVE-2024-40457

Severity: Critical
Year: 2024
CVSS v3 Score: 9.1 (Critical)

Vulnerability Description

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.

CVSS:9.1(Critical)

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E...

CVSS:9.1(Critical)

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in ...

CVSS:9.1(Critical)

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

CVSS:8.8(High)

A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems...

CVSS:8.8(High)

The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:...

CVSS:8.8(High)

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.