374 vulnerabilities classified as CWE-522 (Insufficiently Protected Credentials). AI Chinese analysis included.
CWE-522 covers authentication credentials that are transmitted or stored using insecure methods, leaving them open to interception or retrieval by unauthorized parties. Attackers typically exploit the flaw by sniffing unencrypted traffic to capture credentials in transit, or by reading poorly protected local storage (configuration files, process memory, logs) to recover plaintext passwords. Either route yields unauthorized access to user accounts, bypassing the intended authentication controls and compromising system integrity. To prevent the weakness, protect credentials in transit with TLS and at rest by storing only salted, computationally expensive password hashes (or, for secrets that must be recoverable, by encrypting them with keys held outside the application). Applying least privilege to credential access and regularly auditing authentication mechanisms further limit the impact of credential theft.
The two demonstrative snippets below illustrate the weakness. In the first, a PHP password-change handler accepts the new password from an HTTP GET request, so the credential appears in URLs, browser history, proxy and server logs, and travels in cleartext unless TLS is used:

```php
<?php
// CWE-522 demonstrative example (deliberately weak): credentials taken from
// query-string parameters of a GET request.
$user = $_GET['user'];
$pass = $_GET['pass'];
$checkpass = $_GET['checkpass'];
if ($pass == $checkpass) {
    SetUserPassword($user, $pass);
}
// ...
```

In the second, a Java application reads a database password in cleartext from a properties file, so anyone able to read that file obtains the credential:

```java
import java.io.FileInputStream;
import java.sql.DriverManager;
import java.util.Properties;

// ...
// CWE-522 demonstrative example (deliberately weak): plaintext password in
// config.properties. `url` and `usr` are defined elsewhere in the snippet's context.
Properties prop = new Properties();
prop.load(new FileInputStream("config.properties"));
String password = prop.getProperty("password");
DriverManager.getConnection(url, usr, password);
// ...
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-26856 | DELL EMC Repository Manager Security Vulnerability — Dell Repository Manager (DRM) | 8.2 | High | 2022-04-21 |
| CVE-2022-27179 | ICSA-22-104-03 Red Lion DA50N — DA50N | 4.6 | Medium | 2022-04-20 |
| CVE-2021-3681 | Ansible Galaxy Collections Security Vulnerability — ansible | 5.5 | - | 2022-04-18 |
| CVE-2022-1026 | Kyocera Net View Address Book Exposure — Multifunction Printer Net Viewer | 8.6 | High | 2022-04-04 |
| CVE-2021-33024 | Philips Vue PACS Insufficiently Protected Credentials — Vue PACS | 3.7 | Low | 2022-04-01 |
| CVE-2022-0862 | ePO password change vulnerability — McAfee ePolicy Orchestrator (ePO) | 3.1 | Low | 2022-03-23 |
| CVE-2022-0859 | ePO database restoration vulnerability — McAfee ePolicy Orchestrator (ePO) | 6.5 | Medium | 2022-03-23 |
| CVE-2021-23222 | PostgreSQL Security Vulnerability — postgresql | 5.9 | - | 2022-03-02 |
| CVE-2021-22798 | Schneider Electric Conext™ ComBox Security Vulnerability — Conext™ ComBox (All Versions) | 7.5 | - | 2022-02-11 |
| CVE-2022-0019 | GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux — GlobalProtect App | 4.7 | Medium | 2022-02-10 |
| CVE-2021-44451 | API sensitive information leak — Apache Superset | 6.5 | - | 2022-02-01 |
| CVE-2022-23223 | Apache ShenYu Password leakage — Apache ShenYu (incubating) | 7.5 | - | 2022-01-25 |
| CVE-2021-23196 | Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials — Agilia Link+ | 7.3 | High | 2022-01-21 |
| CVE-2021-32039 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text — MongoDB for VS Code | 5.5 | Medium | 2022-01-20 |
| CVE-2021-42023 | ModelSim Simulation Security Vulnerability — ModelSim Simulation | 5.5 | - | 2021-12-14 |
| CVE-2021-3789 | Binatone Motorola-branded Camera Cryptographic Issue Vulnerability — Binatone Hubble Cameras | 4.2 | Medium | 2021-11-12 |
| CVE-2021-41972 | Credentials leak — Apache Superset | 6.5 | - | 2021-11-12 |
| CVE-2021-40503 | SAP GUI Information Disclosure Vulnerability — SAP GUI for Windows | 7.1 | - | 2021-11-10 |
| CVE-2021-41300 | ECOA BAS controller - Insufficiently Protected Credentials-2 — ECS Router Controller ECS (FLASH) | 9.8 | Critical | 2021-09-30 |
| CVE-2021-41297 | ECOA BAS controller - Insufficiently Protected Credentials-1 — ECS Router Controller ECS (FLASH) | 8.8 | High | 2021-09-30 |
| CVE-2021-34733 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability — Cisco Prime Infrastructure | 5.5 | Medium | 2021-09-02 |
| CVE-2021-34560 | A vulnerability in WirelessHART-Gateway <= 3.0.9 could lead to information exposure of sensitive information — WHA-GW-F2D2-0-AS- Z2-ETH | 5.5 | Medium | 2021-08-31 |
| CVE-2021-35529 | Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) — Retail Operations | 7.7 | High | 2021-08-20 |
| CVE-2021-27495 | Ypsomed mylife App Security Vulnerability — Ypsomed mylife Cloud, mylife Mobile Application | 9.1 | - | 2021-07-30 |
| CVE-2021-27491 | Ypsomed mylife App Security Vulnerability — Ypsomed mylife Cloud, mylife Mobile Application | 7.5 | - | 2021-07-30 |
| CVE-2021-34700 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability — Cisco SD-WAN vManage | 5.5 | Medium | 2021-07-22 |
| CVE-2021-35965 | Learningdigital.com, Inc. Orca HCM - Hard-code password — Orca HCM | 9.8 | Critical | 2021-07-19 |
| CVE-2021-22781 | Schneider Electric EcoStruxure Control Expert Security Vulnerability — EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions | 5.5 | - | 2021-07-14 |
| CVE-2021-22780 | Schneider Electric EcoStruxure Control Expert Security Vulnerability — EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions | 7.1 | - | 2021-07-14 |
| CVE-2021-22778 | Schneider Electric EcoStruxure Control Expert Security Vulnerability — EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions | 7.1 | - | 2021-07-14 |
Vulnerabilities classified as CWE-522 (Insufficiently Protected Credentials) account for 374 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.