CVE-2024-29978

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-256
View all →

Vulnerability Description

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Related Vulnerabilities

CVE-2021-43590

MEDIUM
CVSS:6.0(Medium)

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially expl...

CWE-2562021

CVE-2024-45283

MEDIUM
CVSS:6.0(Medium)

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploita...

CWE-2562024

CVE-2024-28325

MEDIUM
CVSS:6.1(Medium)

Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.

CWE-2562024

CVE-2024-52361

MEDIUM
CVSS:5.7(Medium)

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.

CWE-2562024

CVE-2025-25727

MEDIUM
CVSS:6.2(Medium)

Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext.

CWE-2562025

CVE-2020-1669

MEDIUM
CVSS:6.3(Medium)

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. Th...

CWE-2562020