CVE-2024-42012

MEDIUM Year: 2024
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.

Related Vulnerabilities

CVE-2017-12123

MEDIUM
CVSS:5.7(Medium)

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get t...

CWE-5222017

CVE-2020-27270

MEDIUM
CVSS:5.7(Medium)

SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in tran...

CWE-5222020

CVE-2022-27774

MEDIUM
CVSS:5.7(Medium)

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is u...

CWE-5222022

CVE-2024-11703

MEDIUM
CVSS:5.7(Medium)

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

CWE-5222024

CVE-2019-10139

MEDIUM
CVSS:5.6(Medium)

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the applianc...

CWE-5222019

CVE-2010-4178

MEDIUM
CVSS:5.5(Medium)

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CWE-5222010