CWE-261: CWE-261

Dell networking devices with vulnerable firmware versions use weak password encryption, allowing remote attackers to decrypt stored credentials. This ...

CVE-2024-45273 allows an unauthenticated local attacker to decrypt device configuration files due to weak encryption implementation, potentially compr...

CVE-2024-8455 allows attackers to intercept authentication tokens used by PLANET Technology's swctrl service and crack them to obtain plaintext passwo...

This vulnerability in web-flash v3.0 allows attackers to reset passwords for any user account without authorization via a crafted POST request to the ...

This vulnerability in Dell PowerScale OneFS involves weak encoding for NDMP passwords, allowing a malicious privileged local attacker to potentially c...

CVE-2020-14481 is a vulnerability in Rockwell Automation's FactoryTalk View SE DeskLock tool that uses weak encryption for stored credentials. This al...

SaTECH BCU firmware version 2.1.3 uses weak password encryption, allowing attackers with system or website access to obtain credentials. This affects ...

This vulnerability allows remote unauthenticated attackers to obtain plaintext passwords by sniffing and decrypting encrypted password packets during ...

A weak cryptography vulnerability in WIC200 version 1.1 allows remote attackers to intercept network traffic and decode base64-encoded credentials to ...

A weak password encoding vulnerability in JTEKT's HMI ViewJet C-more series allows local authenticated attackers to obtain authentication information....

CVE-2025-67652 allows attackers with access to project files to extract exposed credentials and use them for privilege escalation, user impersonation,...

CVE-2022-34445 is a weak password encoding vulnerability in Dell PowerScale OneFS that allows local privileged attackers to potentially decode stored ...

Advantech ADAM-5550 industrial controllers store and transmit user credentials using only base64 encoding, which provides no meaningful encryption. Th...

This vulnerability in syngo.plaza VB30E allows attackers to recover unencrypted passwords due to improper encryption. This could lead to unauthorized ...

Strapi versions before 5.10.3 do not enforce a maximum password length when using bcryptjs for password hashing, causing passwords longer than 72 byte...

Adobe Experience Manager versions 6.5.15.0 and earlier use weak cryptography for password storage, allowing low-privileged attackers who already posse...

This vulnerability exposes device credentials transmitted in base64-encoded HTTP headers, allowing attackers to intercept and decode authentication in...