Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-3GPM-78PQ-33VJ

Vulnerability from github – Published: 2025-12-10 21:31 – Updated: 2025-12-17 18:31
VLAI
Details

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-10T19:16:13Z",
    "severity": "MODERATE"
  },
  "details": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.",
  "id": "GHSA-3gpm-78pq-33vj",
  "modified": "2025-12-17T18:31:32Z",
  "published": "2025-12-10T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34427"
    },
    {
      "type": "WEB",
      "url": "https://mailenable.com/Standard-ReleaseNotes.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.mailenable.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in-auth-tab"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3H9P-FMW3-6WPV

Vulnerability from github – Published: 2023-12-01 00:31 – Updated: 2024-09-20 18:32
VLAI
Details

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-30T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.",
  "id": "GHSA-3h9p-fmw3-6wpv",
  "modified": "2024-09-20T18:32:23Z",
  "published": "2023-12-01T00:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46386"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
    },
    {
      "type": "WEB",
      "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HRW-324R-F9XJ

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-12T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.",
  "id": "GHSA-3hrw-324r-f9xj",
  "modified": "2022-05-24T17:42:07Z",
  "published": "2022-05-24T17:42:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27204"
    },
    {
      "type": "WEB",
      "url": "https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=zEt-_5b4OaA"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3HXW-4626-CM6F

Vulnerability from github – Published: 2025-08-13 12:31 – Updated: 2025-08-13 12:31
VLAI
Details

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-13T12:15:25Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device.",
  "id": "GHSA-3hxw-4626-cm6f",
  "modified": "2025-08-13T12:31:30Z",
  "published": "2025-08-13T12:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54464"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0172"
    },
    {
      "type": "WEB",
      "url": "https://www.zkteco.com/en/Security_Bulletinsibs/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3JQ7-8PH8-63XM

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2024-11-18 16:26
VLAI
Summary
Grafana information disclosure
Details

An information-disclosure flaw was found in Grafana. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-12458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T21:46:49Z",
    "nvd_published_at": "2020-04-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An information-disclosure flaw was found in Grafana. The database directory `/var/lib/grafana` and database file `/var/lib/grafana/grafana.db` are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).",
  "id": "GHSA-3jq7-8ph8-63xm",
  "modified": "2024-11-18T16:26:25Z",
  "published": "2022-05-24T17:16:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/issues/8283"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-12458"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827765"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/grafana"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200518-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Grafana information disclosure"
}

GHSA-3JXJ-C73C-7933

Vulnerability from github – Published: 2025-06-01 12:30 – Updated: 2025-06-01 12:30
VLAI
Details

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-01T12:15:24Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.",
  "id": "GHSA-3jxj-c73c-7933",
  "modified": "2025-06-01T12:30:24Z",
  "published": "2025-06-01T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1499"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7233154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3M34-2J9G-QVQX

Vulnerability from github – Published: 2023-02-10 12:30 – Updated: 2023-02-27 15:30
VLAI
Details

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-10T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.",
  "id": "GHSA-3m34-2j9g-qvqx",
  "modified": "2023-02-27T15:30:23Z",
  "published": "2023-02-10T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24410"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000205719/dsa-2022-325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3Q27-7QJQ-P9C5

Vulnerability from github – Published: 2026-03-27 15:30 – Updated: 2026-05-13 13:44
VLAI
Summary
Grafana public dashboards disclose all direct mode datasources
Details

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 11.6.14"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 12.1.10"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 12.2.8"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 12.3.6"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 12.4.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.2-0.20221116104934-4ee83a5f2bf4"
            },
            {
              "fixed": "1.9.2-0.20260325055210-3522153e07b4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-02T20:43:50Z",
    "nvd_published_at": "2026-03-27T15:16:51Z",
    "severity": "MODERATE"
  },
  "details": "When using public dashboards and direct data-sources, all direct data-sources\u0027 passwords are exposed despite not being used in dashboards.\n\nNo passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments\u0027 security.",
  "id": "GHSA-3q27-7qjq-p9c5",
  "modified": "2026-05-13T13:44:32Z",
  "published": "2026-03-27T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27877"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/grafana"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/cve-2026-27877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Grafana public dashboards disclose all direct mode datasources"
}

GHSA-3QGJ-R7GQ-79QF

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-29001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.",
  "id": "GHSA-3qgj-r7gq-79qf",
  "modified": "2022-05-24T17:40:13Z",
  "published": "2022-05-24T17:40:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29001"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/tj-oconnor/371d34342c0cc2be015cc89d6dc2bc66"
    },
    {
      "type": "WEB",
      "url": "https://support.mygeeni.com/hc/en-us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3W2C-34CM-PFVC

Vulnerability from github – Published: 2023-05-24 12:30 – Updated: 2023-05-24 12:30
VLAI
Details

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-313"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-24T10:15:09Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.",
  "id": "GHSA-3w2c-34cm-pfvc",
  "modified": "2023-05-24T12:30:17Z",
  "published": "2023-05-24T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2863"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.229819"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.229819"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=V0u9C5RVSic"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.