CWE-522 不充分的凭证保护机制类漏洞列表 389

CWE-522 不充分的凭证保护机制类弱点 389 条 CVE 漏洞汇总，含 AI 中文分析。

CWE-522属于凭据保护不足漏洞，指产品在传输或存储认证凭据时使用了不安全的方法，易导致凭据被未授权方拦截或窃取。攻击者通常通过中间人攻击、网络嗅探或访问未加密的存储介质来获取敏感信息，进而冒充合法用户。开发者应避免使用明文传输，采用TLS等加密协议保护传输过程，并在存储时使用强哈希算法加盐处理，确保凭据机密性与完整性。

MITRE CWE 官方描述

CWE：CWE-522 凭证保护不足英文：产品传输或存储认证凭证（authentication credentials），但使用了不安全的方法，容易受到未经授权的拦截和/或检索。

常见影响 (1)

Access ControlGain Privileges or Assume Identity

An attacker could gain access to user accounts and access sensitive data used by the user accounts.

缓解措施 (3)

Architecture and DesignUse an appropriate security mechanism to protect the credentials.

Architecture and DesignMake appropriate use of cryptography to protect the credentials.

ImplementationUse industry standards to protect the credentials (e.g. LDAP, keystore, etc.).

代码示例 (2)

This code changes a user's password.

$user = $_GET['user']; $pass = $_GET['pass']; $checkpass = $_GET['checkpass']; if ($pass == $checkpass) { SetUserPassword($user, $pass); }

Bad · PHP

The following code reads a password from a properties file and uses the password to connect to a database.

... Properties prop = new Properties(); prop.load(new FileInputStream("config.properties")); String password = prop.getProperty("password"); DriverManager.getConnection(url, usr, password); ...

Bad · Java

CVE ID	标题	CVSS	风险等级	Published
CVE-2025-54863	Radiometrics VizAir 安全漏洞 — VizAir	10.0	Critical	2025-11-04
CVE-2025-12461	Grupo Castilla Epsilon RH 安全漏洞 — Epsilon RH	5.3^AI	Medium^AI	2025-10-29
CVE-2025-62794	GitHub Workflow Updater 安全漏洞 — github-workflow-updater-extension	3.8	Low	2025-10-28
CVE-2025-54808	Oxford Nanopore Technologies MinKNOW 安全漏洞 — MinKNOW	7.8	High	2025-10-23
CVE-2024-42192	HCL Traveler for Microsoft Outlook 安全漏洞 — Traveler for Microsoft Outlook	5.5	Medium	2025-10-16
CVE-2025-62157	Argo Workflows 安全漏洞 — argo-workflows	8.1^AI	High^AI	2025-10-14
CVE-2025-61776	Dependency-Track 安全漏洞 — dependency-track	4.7	Medium	2025-10-07
CVE-2025-37728	Elastic Kibana 安全漏洞 — Kibana	5.4	Medium	2025-10-07
CVE-2025-27231	Zabbix 安全漏洞 — Zabbix	4.9	-	2025-10-03
CVE-2025-34207	Vasion Print Virtual Appliance Host 安全漏洞 — Print Virtual Appliance Host	9.8^AI	Critical^AI	2025-09-29
CVE-2025-10880	Dingtian DT-R002 安全漏洞 — DT-R002	7.5^AI	High^AI	2025-09-25
CVE-2025-10879	Dingtian DT-R002 安全漏洞 — DT-R002	5.3^AI	Medium^AI	2025-09-25
CVE-2025-40838	Ericsson Indoor Connect 安全漏洞 — Indoor Connect 8855	7.5^AI	High^AI	2025-09-25
CVE-2025-10360	Puppet Enterprise Administration Module（PEADM）安全漏洞 — Puppet Enterprise	4.4^AI	Medium^AI	2025-09-24
CVE-2025-54467	NeuVector 安全漏洞 — neuvector	5.3	Medium	2025-09-17
CVE-2025-23342	NVIDIA NVDebug 安全漏洞 — NVDebug tool	8.2	High	2025-09-09
CVE-2025-42933	SAP Business One 安全漏洞 — SAP Business One (SLD)	8.8	High	2025-09-09
CVE-2025-41682	Bender多款产品安全漏洞 — CC612	8.8	High	2025-09-08
CVE-2025-58366	Onyxia 安全漏洞 — onyxia	9.1^AI	Critical^AI	2025-09-05
CVE-2025-52549	Copeland E3 Supervisory Control 安全漏洞 — E3 Supervisory Control	9.8^AI	Critical^AI	2025-09-02
CVE-2025-52545	Copeland E3 Supervisory Control 安全漏洞 — E3 Supervisory Control	9.1^AI	Critical^AI	2025-09-02
CVE-2025-6519	Copeland E3 Supervisory Control 安全漏洞 — E3 Supervisory Control	9.8^AI	Critical^AI	2025-09-02
CVE-2025-55306	GenX FX Trading System 安全漏洞 — GenX_FX	9.8	Critical	2025-08-19
CVE-2025-40751	Siemens SIMATIC RTLS Locating Manager 安全漏洞 — SIMATIC RTLS Locating Manager	6.3	Medium	2025-08-12
CVE-2025-54882	Himmelblau 安全漏洞 — himmelblau	7.1	High	2025-08-07
CVE-2025-54876	Janssen 安全漏洞 — jans	5.5^AI	Medium^AI	2025-08-05
CVE-2025-38739	Dell Digital Delivery 安全漏洞 — Dell Digital Delivery	7.2	High	2025-08-04
CVE-2025-53008	GLPI 安全漏洞 — glpi	6.5	Medium	2025-07-30
CVE-2025-5922	TSplus Remote Access Admin Tool 安全漏洞 — TSplus Remote Access	8.8^AI	High^AI	2025-07-29
CVE-2025-54428	RevelaCode 安全漏洞 — RevelaCode-Backend	9.8	Critical	2025-07-28

CWE-522（不充分的凭证保护机制）是常见的弱点类别，本平台收录该类弱点关联的 389 条 CVE 漏洞。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CWE-522 不充分的凭证保护机制 类漏洞列表 389

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CWE-522 不充分的凭证保护机制类漏洞列表 389