CVE-2019-16638

HIGH Year: 2019
CVSS v3 Score
7.5
High
Weakness Type
CWE-312
View all →

Vulnerability Description

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.

Related Vulnerabilities

CVE-2001-1536

HIGH
CVSS:7.5(High)

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-...

CWE-3122001

CVE-2001-1537

HIGH
CVSS:7.5(High)

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication informa...

CWE-3122001

CVE-2002-1800

HIGH
CVSS:7.5(High)

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

CWE-3122002

CVE-2004-2397

HIGH
CVSS:7.5(High)

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allo...

CWE-3122004

CVE-2005-1828

HIGH
CVSS:7.5(High)

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

CWE-3122005

CVE-2005-2160

HIGH
CVSS:7.5(High)

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

CWE-3122005