How severe is CVE-2020-26079?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2020-26079?

This is classified as CWE-256, which is a common weakness in software security.

CVE-2020-26079 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

Related Vulnerabilities

CVE-2024-4232

MEDIUM

CVSS:4.1(Medium)

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ da...

CWE-2562024

CVE-2024-45638

MEDIUM

CVSS:4.1(Medium)

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

CWE-2562024

CVE-2023-2632

MEDIUM

CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permissi...

CWE-2562023

CVE-2023-2633

MEDIUM

CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CWE-2562023

CVE-2024-31899

MEDIUM

CVSS:4.3(Medium)

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

CWE-2562024

CVE-2025-31724

MEDIUM

CVSS:4.3(Medium)

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users ...

CWE-2562025