CWE-257
AllowedStoring Passwords in a Recoverable Format
Abstraction: Base · Status: Incomplete
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
115 vulnerabilities reference this CWE, most recent first.
GHSA-4MQ8-R6PG-HWP6
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
{
"affected": [],
"aliases": [
"CVE-2026-22574"
],
"database_specific": {
"cwe_ids": [
"CWE-257",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T16:16:36Z",
"severity": "MODERATE"
},
"details": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.",
"id": "GHSA-4mq8-r6pg-hwp6",
"modified": "2026-04-14T18:30:35Z",
"published": "2026-04-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22574"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-53QQ-VWHM-MJ5J
Vulnerability from github – Published: 2024-07-02 21:32 – Updated: 2024-07-02 21:32Under certain circumstances the Linux users credentials may be recovered by an authenticated user.
{
"affected": [],
"aliases": [
"CVE-2024-32756"
],
"database_specific": {
"cwe_ids": [
"CWE-257"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T14:15:12Z",
"severity": "MODERATE"
},
"details": "Under certain circumstances the Linux users credentials may be recovered by an authenticated user.",
"id": "GHSA-53qq-vwhm-mj5j",
"modified": "2024-07-02T21:32:14Z",
"published": "2024-07-02T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32756"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-635W-84XV-8JJV
Vulnerability from github – Published: 2025-12-15 15:30 – Updated: 2025-12-15 21:30NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.
{
"affected": [],
"aliases": [
"CVE-2025-34180"
],
"database_specific": {
"cwe_ids": [
"CWE-257"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T15:15:49Z",
"severity": "HIGH"
},
"details": "NetSupport Manager\u00a0\u003c 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.",
"id": "GHSA-635w-84xv-8jjv",
"modified": "2025-12-15T21:30:30Z",
"published": "2025-12-15T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34180"
},
{
"type": "WEB",
"url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager"
},
{
"type": "WEB",
"url": "https://ret2.me/post/2025-12-04-exploiting-netsupport-gateway"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6GWG-W9P5-2C42
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-07-03 18:40Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
{
"affected": [],
"aliases": [
"CVE-2023-42955"
],
"database_specific": {
"cwe_ids": [
"CWE-257",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T13:46:21Z",
"severity": "MODERATE"
},
"details": "Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.",
"id": "GHSA-6gwg-w9p5-2c42",
"modified": "2024-07-03T18:40:08Z",
"published": "2024-05-14T15:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42955"
},
{
"type": "WEB",
"url": "https://support.claris.com/s/article/Administrator-role-passwords-being-exposed-when-logged-into-the-Admin-Console?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7477-PXVJ-G72X
Vulnerability from github – Published: 2023-11-01 18:30 – Updated: 2023-11-01 18:30A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
{
"affected": [],
"aliases": [
"CVE-2023-5627"
],
"database_specific": {
"cwe_ids": [
"CWE-257",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-01T16:15:08Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. \n",
"id": "GHSA-7477-pxvj-g72x",
"modified": "2023-11-01T18:30:33Z",
"published": "2023-11-01T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5627"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-79GC-W327-W4F2
Vulnerability from github – Published: 2025-04-08 15:31 – Updated: 2026-06-09 12:31A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.
{
"affected": [],
"aliases": [
"CVE-2024-32122"
],
"database_specific": {
"cwe_ids": [
"CWE-257"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T14:15:31Z",
"severity": "LOW"
},
"details": "A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.",
"id": "GHSA-79gc-w327-w4f2",
"modified": "2026-06-09T12:31:58Z",
"published": "2025-04-08T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32122"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-111"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7GXH-P4C9-CQ3R
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2025-05-22 18:31All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network.
{
"affected": [],
"aliases": [
"CVE-2018-5446"
],
"database_specific": {
"cwe_ids": [
"CWE-257",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-04T18:29:00Z",
"severity": "MODERATE"
},
"details": "All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network.",
"id": "GHSA-7gxh-p4c9-cq3r",
"modified": "2025-05-22T18:31:07Z",
"published": "2022-05-13T01:32:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5446"
},
{
"type": "WEB",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8XF3-X93C-2CH6
Vulnerability from github – Published: 2024-09-27 18:32 – Updated: 2025-09-22 18:30TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally.
{
"affected": [],
"aliases": [
"CVE-2024-45744"
],
"database_specific": {
"cwe_ids": [
"CWE-257",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T16:15:04Z",
"severity": "LOW"
},
"details": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally.",
"id": "GHSA-8xf3-x93c-2ch6",
"modified": "2025-09-22T18:30:29Z",
"published": "2024-09-27T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45744"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json"
},
{
"type": "WEB",
"url": "https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html"
},
{
"type": "WEB",
"url": "https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html"
},
{
"type": "WEB",
"url": "https://www.topquadrant.com/release-note/7-3"
},
{
"type": "WEB",
"url": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-95W6-QMMC-2W7R
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
{
"affected": [],
"aliases": [
"CVE-2025-6995"
],
"database_specific": {
"cwe_ids": [
"CWE-257"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T15:15:33Z",
"severity": "HIGH"
},
"details": "Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users\u2019 passwords.",
"id": "GHSA-95w6-qmmc-2w7r",
"modified": "2025-07-08T15:32:04Z",
"published": "2025-07-08T15:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6995"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9G5Q-CQ8H-F2R5
Vulnerability from github – Published: 2024-07-02 21:32 – Updated: 2024-07-02 21:32Under certain circumstances the web interface users credentials may be recovered by an authenticated user.
{
"affected": [],
"aliases": [
"CVE-2024-32932"
],
"database_specific": {
"cwe_ids": [
"CWE-257"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T15:15:11Z",
"severity": "MODERATE"
},
"details": "Under certain circumstances the web interface users credentials may be recovered by an authenticated user.",
"id": "GHSA-9g5q-cq8h-f2r5",
"modified": "2024-07-02T21:32:14Z",
"published": "2024-07-02T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32932"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-07"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use strong, non-reversible encryption to protect stored passwords.
CAPEC-49: Password Brute Forcing
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.