CWE-257: Storing Passwords in a Recoverable Format
62 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-257 (page 2 of 2)
- CVE-2025-57789 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-08-20
  During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
- CVE-2025-57796 | MEDIUM | CVSS 6.8 | EG 6.8 | 2026-01-28
  Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted off…
- CVE-2025-58049 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-08-28
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs st…
- CVE-2025-6995 | HIGH | CVSS 8.4 | EG 8.4 | 2025-07-08
  Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords.
- CVE-2025-6996 | HIGH | CVSS 8.4 | EG 8.4 | 2025-07-08
  Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords.
- CVE-2025-8095 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-04-14
  The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be conside…
- CVE-2025-8307 | MEDIUM | CVSS 5.9 | EG 0.0 | 2026-01-08
  Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded p…
- CVE-2025-8904 | HIGH | CVSS 8.5 | EG 8.5 | 2025-08-13
  Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher pri…
- CVE-2026-20128 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | 2026-02-25
  A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of …
- CVE-2026-22574 | MEDIUM | CVSS 4.1 | EG 4.1 | 2026-04-14
  A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 thro…
- CVE-2026-22576 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-14
  A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 thro…
- CVE-2026-22614 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-03-10
  The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored an…
Map vulnerabilities like CWE-257 to your infrastructure
EchelonGraph correlates every CVE — across CWE-257 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.