CWE-255: Credentials Management Errors — known CVE vulnerabilities
CVEs classified under CWE-255 (Credentials Management Errors), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2016-0898 — CVSS 10.0 (critical): MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the…
CVE-2015-7906 — CVSS 10.0 (critical): LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via…
CVE-2015-7856 — CVSS 10.0 (critical): OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging…
CVE-2014-9736 — CVSS 10.0 (critical): GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2)…
CVE-2014-7233 — CVSS 10.0 (critical): GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for…
CVE-2014-7232 — CVSS 10.0 (critical): GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3)…
CVE-2013-7442 — CVSS 10.0 (critical): GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS…
CVE-2013-7405 — CVSS 10.0 (critical): The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has…
CVE-2013-7404 — CVSS 10.0 (critical): GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact…
CVE-2012-6695 — CVSS 10.0 (critical): GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and…
CVE-2012-6694 — CVSS 10.0 (critical): GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has…
CVE-2012-6693 — CVSS 10.0 (critical): GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw…
CVE-2012-6660 — CVSS 10.0 (critical): GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3)…
CVE-2011-5324 — CVSS 10.0 (critical): The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1)…
CVE-2011-5323 — CVSS 10.0 (critical): GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user…
CVE-2011-5322 — CVSS 10.0 (critical): GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst…
CVE-2010-5310 — CVSS 10.0 (critical): The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact…
CVE-2010-5309 — CVSS 10.0 (critical): GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.
CVE-2010-5308 — CVSS 10.0 (critical): GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users…
CVE-2010-5307 — CVSS 10.0 (critical): The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the…
CVE-2010-5306 — CVSS 10.0 (critical): GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and…
CVE-2009-5143 — CVSS 10.0 (critical): GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has…
CVE-2007-6757 — CVSS 10.0 (critical): GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack…
CVE-2006-7253 — CVSS 10.0 (critical): GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2…
CVE-2004-2777 — CVSS 10.0 (critical): GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin…
CVE-2003-1603 — CVSS 10.0 (critical): GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL…
CVE-2002-2446 — CVSS 10.0 (critical): GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without…
CVE-2001-1594 — CVSS 10.0 (critical): GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i…
CVE-2015-4262 — CVSS 10.0 (critical): The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the…
CVE-2015-1842 — CVSS 10.0 (critical): The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd…
CVE-2015-0930 — CVSS 10.0 (critical): The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which…
CVE-2014-3692 — CVSS 10.0 (critical): The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a…
CVE-2014-9406 — CVSS 10.0 (critical): ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account…
CVE-2014-8496 — CVSS 10.0 (critical): Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator…
CVE-2014-9183 — CVSS 10.0 (critical): ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
CVE-2014-8656 — CVSS 10.0 (critical): The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of…
CVE-2013-5755 — CVSS 10.0 (critical): config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin…
CVE-2014-2198 — CVSS 10.0 (critical): Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which…
CVE-2014-1849 — CVSS 10.0 (critical): Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera…
CVE-2014-0683 — CVSS 10.0 (critical): The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and…
CVE-2013-5400 — CVSS 10.0 (critical): An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows…
CVE-2013-6034 — CVSS 10.0 (critical): The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan…
CVE-2013-7248 — CVSS 10.0 (critical): Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag…
CVE-2013-6884 — CVSS 10.0 (critical): The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which…
CVE-2013-5558 — CVSS 10.0 (critical): The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot…
CVE-2013-2579 — CVSS 10.0 (critical): TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an…
CVE-2010-5290 — CVSS 10.0 (critical): The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is…
CVE-2013-3612 — CVSS 10.0 (critical): Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier…
CVE-2013-4031 — CVSS 10.0 (critical): The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module…
CVE-2013-3454 — CVSS 10.0 (critical): Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices…