CVE-2022-43958

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-256
View all →

Vulnerability Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

Related Vulnerabilities

CVE-2022-36308

CRITICAL
CVSS:9.1(Critical)

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyo...

CWE-2562022

CVE-2024-6118

CRITICAL
CVSS:9.1(Critical)

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to t...

CWE-2562024

CVE-2020-5315

HIGH
CVSS:8.8(High)

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated mali...

CWE-2562020

CVE-2022-33928

HIGH
CVSS:8.8(High)

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the dis...

CWE-2562022

CVE-2022-4308

HIGH
CVSS:8.8(High)

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

CWE-2562022

CVE-2023-41610

HIGH
CVSS:8.8(High)

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.

CWE-2562023