CVE-2025-4053

MEDIUM Year: 2025
Weakness Type
CWE-312
View all →

Vulnerability Description

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks.

Related Vulnerabilities

CVE-2024-36119

LOW
CVSS:1.8(Low)

Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain t...

CWE-3122024

CVE-2021-36782

CRITICAL
CVSS:9.9(Critical)

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API...

CWE-3122021

CVE-2001-1481

CRITICAL
CVSS:9.8(Critical)

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

CWE-3122001

CVE-2008-0174

CRITICAL
CVSS:9.8(Critical)

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal t...

CWE-3122008

CVE-2014-5433

CRITICAL
CVSS:9.8(Critical)

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700B...

CWE-3122014

CVE-2018-18394

CRITICAL
CVSS:9.8(Critical)

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CWE-3122018