CWE-256 209 個 CVE MITRE 定義 ↗

CWE-256:Plaintext Storage of a Password

概覽

CWE-256(Plaintext Storage of a Password)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product stores a password in plaintext within resources such as memory or files.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology ICS/OT Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-14867 2026-07-07 Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.  Active Directory accoun…
CVE-2026-57302 2026-06-24 Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to th…
CVE-2026-50268 2026-06-17 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encr…
CVE-2024-39575 2026-06-16 update_disk_psu_baseline.sh requires password in plain text
CVE-2024-45636 2026-06-11 IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
CVE-2026-36174 2026-06-04 GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain…
CVE-2018-25396 2026-05-29 Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attack…
CVE-2026-42151 2026-05-04 Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/az…
CVE-2026-6500 2026-05-04 Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.
CVE-2025-36335 2026-04-30 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
CVE-2026-6597 2026-04-19 A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow…
CVE-2025-15624 2026-04-17 Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pr…
CVE-2021-47961 2026-04-10 A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead t…
CVE-2026-35556 2026-04-09 OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.
CVE-2025-36258 2026-03-25 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
CVE-2026-33216 2026-03-25 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are…
CVE-2026-31850 2026-03-23 Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration…
CVE-2026-4251 2026-03-16 A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.j…
CVE-2026-4250 2026-03-16 A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the componen…
CVE-2026-4243 2026-03-16 A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activit…

曾用名

  • Plaintext Storage (2008-01-30)
  • Plaintext Storage of a Password (2018-01-23)
  • Plaintext Storage of a Password (2018-03-27)
  • Unprotected Storage of Credentials (2021-07-20)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples, Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2018-03-27 CWE Content Team 3.1 updated Name, Relationships
2019-06-20 CWE Content Team 3.3 updated Type
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples
2021-07-20 CWE Content Team 4.5 updated Description, Name, Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples, Observed_Examples, References
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Taxonomy_Mappings
2025-09-09 CWE Content Team 4.18 updated Common_Consequences, Description, Diagram
2025-12-11 CWE Content Team 4.19 updated Relationships

貢獻

類型 名稱 日期 評論
Content participants in the CWE ICS/OT SIG 62443 Mapping Fall Workshop 2023-11-14 Contributed or reviewed taxonomy mappings for ISA/IEC 62443
cvelogic Threat Intelligence