Common Weakness Enumeration

CWE-257

Allowed

Storing Passwords in a Recoverable Format

Abstraction: Base · Status: Incomplete

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

115 vulnerabilities reference this CWE, most recent first.

GHSA-MFJG-PMXX-73HF

Vulnerability from github – Published: 2024-04-20 00:31 – Updated: 2024-04-20 00:31
VLAI
Details

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-19T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.",
  "id": "GHSA-mfjg-pmxx-73hf",
  "modified": "2024-04-20T00:31:53Z",
  "published": "2024-04-20T00:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1480"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01"
    },
    {
      "type": "WEB",
      "url": "https://www.dragos.com/advisory/unitronics-vision-standard"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP6J-7G85-8PG2

Vulnerability from github – Published: 2026-02-25 18:31 – Updated: 2026-04-20 21:31
VLAI
Details

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system.

This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T17:25:30Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid\u0026nbsp;vmanage credentials on the affected system.\n\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.",
  "id": "GHSA-mp6j-7g85-8pg2",
  "modified": "2026-04-20T21:31:38Z",
  "published": "2026-02-25T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20128"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P3W8-3XP5-28CV

Vulnerability from github – Published: 2025-10-14 12:31 – Updated: 2025-10-14 12:31
VLAI
Details

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.

Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T10:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.\n\nSuccessful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.",
  "id": "GHSA-p3w8-3xp5-28cv",
  "modified": "2025-10-14T12:31:31Z",
  "published": "2025-10-14T12:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40774"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-P56M-3V53-439X

Vulnerability from github – Published: 2024-01-19 03:30 – Updated: 2024-01-19 03:30
VLAI
Details

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T01:15:08Z",
    "severity": "MODERATE"
  },
  "details": "\nIBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.\n\n",
  "id": "GHSA-p56m-3v53-439x",
  "modified": "2024-01-19T03:30:22Z",
  "published": "2024-01-19T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38738"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262594"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7107775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PX27-WCGR-7GF5

Vulnerability from github – Published: 2024-06-13 09:31 – Updated: 2026-04-08 21:32
VLAI
Details

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T09:15:13Z",
    "severity": "LOW"
  },
  "details": "The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.",
  "id": "GHSA-px27-wcgr-7gf5",
  "modified": "2026-04-08T21:32:46Z",
  "published": "2024-06-13T09:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3073"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3101553%40easy-wp-smtp\u0026new=3101553%40easy-wp-smtp\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b043197c-4477-4663-abb8-5840173c574d?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q434-RCG9-V539

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.",
  "id": "GHSA-q434-rcg9-v539",
  "modified": "2022-05-24T19:05:31Z",
  "published": "2022-05-24T19:05:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27485"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q79X-49VQ-539X

Vulnerability from github – Published: 2025-08-04 18:30 – Updated: 2025-11-03 21:34
VLAI
Details

RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-44958"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T17:15:29Z",
    "severity": "MODERATE"
  },
  "details": "RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.",
  "id": "GHSA-q79x-49vq-539x",
  "modified": "2025-11-03T21:34:19Z",
  "published": "2025-08-04T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44958"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44958"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/613753"
    },
    {
      "type": "WEB",
      "url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/613753"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJ8R-3HFQ-PWJ3

Vulnerability from github – Published: 2025-03-31 06:30 – Updated: 2025-03-31 06:30
VLAI
Details

Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-31T05:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.",
  "id": "GHSA-rj8r-3hfq-pwj3",
  "modified": "2025-03-31T06:30:26Z",
  "published": "2025-03-31T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24852"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU91154745"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
    },
    {
      "type": "WEB",
      "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V738-924G-MM67

Vulnerability from github – Published: 2026-03-05 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().

This issue affects RustDesk Client: through 1.4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T16:16:19Z",
    "severity": "HIGH"
  },
  "details": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().\n\nThis issue affects RustDesk Client: through 1.4.5.",
  "id": "GHSA-v738-924g-mm67",
  "modified": "2026-03-25T18:31:36Z",
  "published": "2026-03-05T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30785"
    },
    {
      "type": "WEB",
      "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustdesk/rustdesk/discussions/4979"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustdesk/rustdesk/discussions/9229"
    },
    {
      "type": "WEB",
      "url": "https://www.vulsec.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VX77-F96X-GPJP

Vulnerability from github – Published: 2026-01-08 15:31 – Updated: 2026-01-08 15:31
VLAI
Details

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.  This vulnerability has been fixed in versions 4.50.1 and 5.38.0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-257"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-08T14:15:56Z",
    "severity": "MODERATE"
  },
  "details": "Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.\u00a0\nThis vulnerability has been fixed in versions\u00a04.50.1 and 5.38.0",
  "id": "GHSA-vx77-f96x-gpjp",
  "modified": "2026-01-08T15:31:25Z",
  "published": "2026-01-08T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8307"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2026/01/CVE-2025-8306"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

Use strong, non-reversible encryption to protect stored passwords.

CAPEC-49: Password Brute Forcing

An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.