
CWE-522 Insufficiently Protected Credentials: vulnerability list (373 entries)

A summary of 373 CVE records associated with the CWE-522 (Insufficiently Protected Credentials) weakness class, with AI-generated Chinese analysis.

CWE-522 covers insufficient protection of credentials: the product transmits or stores authentication credentials using an insecure method, so the credentials can be intercepted or retrieved by an unauthorized party. Attackers typically obtain them through man-in-the-middle attacks, network sniffing, or access to unencrypted storage, and then impersonate the legitimate user. Developers should avoid plaintext transmission, protect the channel with an encryption protocol such as TLS, and store passwords only as salted hashes produced by a strong password-hashing algorithm, so that the confidentiality and integrity of the credentials are preserved.

Official MITRE CWE description
CWE-522 Insufficiently Protected Credentials. English: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Common consequences (1)
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
An attacker could gain access to user accounts and access sensitive data used by the user accounts.

Mitigations (3)
Phase: Architecture and Design. Use an appropriate security mechanism to protect the credentials.
Phase: Architecture and Design. Make appropriate use of cryptography to protect the credentials.
Phase: Implementation. Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
Code examples (2)

Example 1 (Bad, PHP). This code changes a user's password.

    <?php
    // Bad: the target account and both passwords arrive as plaintext GET
    // parameters (logged in URLs and proxies), no TLS is required, and the
    // caller never proves knowledge of the current password.
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    $checkpass = $_GET['checkpass'];
    if ($pass == $checkpass) {
        SetUserPassword($user, $pass);
    }

Example 2 (Bad, Java). The following code reads a password from a properties file and uses the password to connect to a database.

    ...
    // Bad: the database password is stored in plaintext in config.properties,
    // so anyone who can read the file (or a backup of it) obtains the credential.
    Properties prop = new Properties();
    prop.load(new FileInputStream("config.properties"));
    String password = prop.getProperty("password");
    DriverManager.getConnection(url, usr, password);
    ...
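The following Python module is an added example, not code from MITRE's CWE entry or from this site. It shows the hardened counterparts of the two bad examples above and the storage guidance in the description: passwords are salted and hashed with PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) and verified in constant time; the password-change flow takes the account from the authenticated session, requires a TLS channel and proof of the current password; and a small scanner flags literal secrets in a Java-style .properties file. The CredentialStore class, the over_tls flag, the SECRET_KEYS list, the iteration count and the sample properties text are all assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Iteration count for PBKDF2-HMAC-SHA256 (assumption: a common current
# recommendation; tune to your hardware). It is stored per record so it
# can be raised later without invalidating existing hashes.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MIN_PASSWORD_LENGTH = 12


@dataclass(frozen=True)
class PasswordRecord:
    salt: bytes
    digest: bytes
    iterations: int


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> PasswordRecord:
    """Salt and hash a password; the plaintext is never stored."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return PasswordRecord(salt, digest, iterations)


def verify_password(record: PasswordRecord, password: str) -> bool:
    """Recompute with the stored salt and parameters, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record.salt, record.iterations
    )
    return hmac.compare_digest(candidate, record.digest)


class CredentialStore:
    """Constructed in-memory store standing in for a user database."""

    def __init__(self) -> None:
        self._records: dict[str, PasswordRecord] = {}

    def register(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def get_record(self, username: str) -> PasswordRecord:
        return self._records[username]

    def authenticate(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Do the same work for unknown users so response time does not
            # reveal which usernames exist.
            hash_password(password)
            return False
        return verify_password(record, password)

    def change_password(self, session_user: str, current: str, new: str,
                        confirm: str, over_tls: bool) -> bool:
        """Hardened counterpart of the PHP example.

        The account comes from the authenticated session rather than a request
        parameter, the request must arrive over TLS so the credentials are not
        sent in the clear, and the caller must prove the current password.
        """
        if not over_tls:
            return False
        if new != confirm or len(new) < MIN_PASSWORD_LENGTH:
            return False
        if not self.authenticate(session_user, current):
            return False
        self._records[session_user] = hash_password(new)
        return True


# Key fragments that usually name a secret in a .properties file (assumption).
SECRET_KEYS = ("password", "passwd", "secret", "token", "api_key")


def find_plaintext_secrets(properties_text: str) -> list[str]:
    """Counterpart check for the Java example: report keys whose value is a
    literal secret rather than a ${VAR} reference to an external secret store."""
    findings = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if any(k in key.lower() for k in SECRET_KEYS) and value and not value.startswith("${"):
            findings.append(key)
    return findings


# Constructed sample config.properties with one literal secret and one reference.
SAMPLE_PROPERTIES = """# constructed sample
db.url=jdbc:postgresql://db.example.internal/app
db.user=app
db.password=hunter2
api.token=${API_TOKEN}
"""

if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")
    print(store.authenticate("alice", "correct horse battery staple"))
    print(find_plaintext_secrets(SAMPLE_PROPERTIES))
```

The PBKDF2 parameters are kept on each record so that a future increase of the iteration count can be applied lazily at the next successful login; the scanner treats `${...}` placeholders as acceptable because they resolve from the environment or a secret manager at runtime instead of living in the file.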
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-41506 | go-git cross-host redirect credential leak | go-git | 4.7 | Medium | 2026-05-08
CVE-2025-62345 | HCL BigFix RunBookAI input text vulnerability | BigFix RunBookAI | 2.7 | Low | 2026-05-06
CVE-2026-23927 | Agent 2 Oracle plugin TNS injection vulnerability | Zabbix | - | - | 2026-05-06
CVE-2026-42367 | GeoVision LPC2011/2211 ssi.cgi privilege escalation | GV-LPC2011/LPC2211 | 6.5 | Medium | 2026-05-04
CVE-2026-6446 | My Social Feeds <=1.0.4 sensitive information disclosure | My Social Feeds – Social Feeds Embedder Plugin for WordPress | 5.4 | Medium | 2026-05-02
CVE-2026-35155 | Dell iDRAC10 security vulnerability | iDRAC10 | 7.1 | High | 2026-04-29
CVE-2026-7038 | SSH MCP Server security vulnerability | ssh-mcp | 3.3 | Low | 2026-04-26
CVE-2026-39462 | SenseLive X3050 security vulnerability | X3050 | 8.1 | High | 2026-04-23
CVE-2026-41345 | OpenClaw security vulnerability | OpenClaw | 5.3 | Medium | 2026-04-23
CVE-2026-6408 | Tanium Server security vulnerability | Tanium Server | 2.7 | Low | 2026-04-22
CVE-2025-15622 | Sparx Enterprise Architect security vulnerability | Sparx Enterprise Architect | 6.5 (AI) | Medium (AI) | 2026-04-17
CVE-2025-36568 | Dell PowerProtect Data Domain security vulnerability | PowerProtect Data Domain BoostFS | 7.8 | High | 2026-04-17
CVE-2025-15621 | Sparx Enterprise Architect security vulnerability | Sparx Enterprise Architect | 8.8 (AI) | High (AI) | 2026-04-16
CVE-2026-32171 | Microsoft Azure Logic Apps security vulnerability | Azure Logic Apps | 8.8 | High | 2026-04-14
CVE-2026-27316 | Fortinet FortiSandbox security vulnerability | FortiSandbox | 2.5 | Low | 2026-04-14
CVE-2026-34262 | SAP HANA Cockpit and SAP HANA Database Explorer security vulnerability | SAP HANA Cockpit and HANA Database Explorer | 5.0 | Medium | 2026-04-14
CVE-2026-35467 | cveClient security vulnerability | cveClient/encrypt-storage.js | 7.5 (AI) | High (AI) | 2026-04-02
CVE-2026-33575 | OpenClaw security vulnerability | OpenClaw | 7.5 | High | 2026-03-29
CVE-2025-15617 | Wazuh security vulnerability | Wazuh (GitHub Actions) | 6.5 | Medium | 2026-03-27
CVE-2025-13478 | OpenText Identity Manager security vulnerability | Identity Manager | 3.1 | - | 2026-03-27
CVE-2025-36440 | IBM Concert security vulnerability | Concert | 5.1 | Medium | 2026-03-25
CVE-2025-14790 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 6.5 | Medium | 2026-03-25
CVE-2025-64998 | Checkmk security vulnerability | Checkmk | 6.5 | - | 2026-03-24
CVE-2026-32913 | OpenClaw security vulnerability | OpenClaw | 9.3 | Critical | 2026-03-23
CVE-2026-31926 | IGL-Technologies eParking.fi security vulnerability | eParking.fi | 6.5 | Medium | 2026-03-20
CVE-2026-28204 | CTEK Chargeportal security vulnerability | Chargeportal | 6.5 | Medium | 2026-03-20
CVE-2026-23658 | Microsoft Azure DevOps security vulnerability | Azure DevOps: msazure | 8.6 | High | 2026-03-19
CVE-2026-32606 | IncusOS security vulnerability | incus-os | 7.7 | High | 2026-03-18
CVE-2026-27027 | Everon security vulnerability | api.everon.io | 6.5 | Medium | 2026-03-06
CVE-2026-27777 | Mobiliti security vulnerability | e-mobi.hu | 6.5 | Medium | 2026-03-06

Scores and severities marked "(AI)" were estimated by the site's AI analysis rather than taken from the official CVSS record; "-" means no value was given.

CWE-522 (Insufficiently Protected Credentials) is a common weakness class; this platform lists 373 CVE records associated with it.