374 vulnerabilities classified as CWE-522 (不充分的凭证保护机制). AI Chinese analysis included.
CWE-522 represents a critical security weakness where authentication credentials are transmitted or stored using insecure methods, leaving them vulnerable to unauthorized interception or retrieval. Attackers typically exploit this flaw by employing network sniffing tools to capture unencrypted data in transit or by accessing poorly secured local storage to extract plaintext passwords. This exposure allows malicious actors to gain unauthorized access to user accounts, bypassing intended security controls and compromising system integrity. To prevent such vulnerabilities, developers must implement robust cryptographic standards, ensuring that all credentials are encrypted both during transmission via protocols like TLS and while at rest using strong hashing algorithms. Additionally, adhering to the principle of least privilege and regularly auditing authentication mechanisms helps mitigate the risk of credential theft, ensuring that sensitive data remains protected against common interception techniques.
$user = $_GET['user']; $pass = $_GET['pass']; $checkpass = $_GET['checkpass']; if ($pass == $checkpass) { SetUserPassword($user, $pass); }... Properties prop = new Properties(); prop.load(new FileInputStream("config.properties")); String password = prop.getProperty("password"); DriverManager.getConnection(url, usr, password); ...| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-1537 | Cisco ThousandEyes Recorder Information Disclosure Vulnerability — Cisco ThousandEyes Recorder Application | 6.2 | Medium | 2021-06-04 |
| CVE-2020-27839 | Red Hat Ceph 安全漏洞 — ceph-dashboard | 5.4 | - | 2021-05-26 |
| CVE-2019-25030 | Versa Networks Versa Director 安全漏洞 — Versa Director, Versa Analytics, Versa VOS | 6.5 | - | 2021-05-26 |
| CVE-2021-3528 | Red Hat OpenShift 日志信息泄露漏洞 — NooBaa | 8.8 | - | 2021-05-13 |
| CVE-2021-20997 | WAGO: Managed Switches: Unauthorized access to password hashes — 0852-0303 | 7.5 | High | 2021-05-13 |
| CVE-2021-30167 | MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication — P2/Z2/P3/Z3 IP camera firmware | 9.8 | Critical | 2021-04-28 |
| CVE-2021-29262 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings — Apache Solr | 7.5 | - | 2021-04-13 |
| CVE-2021-28171 | Vangene deltaFlow E-platform - Broken Authentication — deltaFlow E-platform | 9.8 | Critical | 2021-04-06 |
| CVE-2021-1392 | Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability — Cisco IOS | 7.8 | High | 2021-03-24 |
| CVE-2019-10225 | Red Hat OpenShift Container Platform 安全漏洞 — atomic-openshift | 8.3 | - | 2021-03-19 |
| CVE-2021-3344 | Red Hat OpenShift Container Platform 安全漏洞 — openshift/builder | 8.8 | - | 2021-03-16 |
| CVE-2021-22681 | Rockwell Automation RSLogix 500 和 Logix Designer Studio 5000 安全漏洞 — Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers | 9.8 | - | 2021-03-03 |
| CVE-2020-14391 | Red Hat Enterprise Linux 安全漏洞 — gnome-settings-daemon | 5.5 | - | 2021-02-08 |
| CVE-2020-27258 | 多款Sooil产品信息泄露漏洞 — SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A | 6.5 | - | 2021-01-19 |
| CVE-2021-22132 | Elastic 资源管理错误漏洞 — Elasticsearch | 4.3 | - | 2021-01-14 |
| CVE-2020-28390 | Siemens Opcenter 信息泄露漏洞 — Opcenter Execution Core | 5.5 | - | 2021-01-12 |
| CVE-2020-27781 | OpenStack 安全漏洞 — Ceph | 7.8 | - | 2020-12-18 |
| CVE-2020-25235 | Siemens LOGO! 8 BM 安全漏洞 — LOGO! 8 BM (incl. SIPLUS variants) | 7.5 | - | 2020-12-14 |
| CVE-2020-28219 | Schneider Electric EcoStruxure Geo SCADA Expert 授权问题漏洞 — EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1) | 7.8 | - | 2020-12-11 |
| CVE-2020-8259 | Nextcloud Server 安全漏洞 — Nextcloud Server | 5.5 | - | 2020-11-16 |
| CVE-2020-8152 | Nextcloud 安全漏洞 — Nextcloud Server | 5.5 | - | 2020-11-16 |
| CVE-2020-15157 | containerd can be coerced into leaking credentials during image pull — containerd | 6.1 | Medium | 2020-10-16 |
| CVE-2020-8339 | IBM BladeCenter 跨站脚本漏洞 — BladeCenter AMM firmware | 4.3 | Medium | 2020-09-15 |
| CVE-2020-16097 | Gallagher Group Command Centre 安全漏洞 — Command Centre | 7.3 | High | 2020-09-15 |
| CVE-2020-15791 | Siemens SIMATIC 安全漏洞 — SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) | 9.8 | - | 2020-09-09 |
| CVE-2020-7299 | Sensitive Data Exposure vulnerability in McAfee True Key Windows Client — McAfee True Key Windows client | 5.0 | Medium | 2020-09-04 |
| CVE-2020-7307 | DLP for Mac - Unprotected Storage of Credentials — Data Loss Prevention(DLP) | 5.2 | Medium | 2020-08-13 |
| CVE-2020-7306 | DLP for Mac - Unprotected Storage of Credentials — Data Loss Prevention(DLP) | 5.2 | Medium | 2020-08-13 |
| CVE-2020-14334 | Red Hat Satellite 访问控制错误漏洞 — Red Hat Satellite | 7.8 | - | 2020-07-31 |
| CVE-2020-14489 | OpenClinic GA — OpenClinic GA | 6.2 | Medium | 2020-07-29 |
Vulnerabilities classified as CWE-522 (不充分的凭证保护机制) represent 374 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.