Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.

Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.

Netscape Navigator uses weak encryption for storing a user's Netscape mail password.

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.

CuteFTP uses weak encryption to store password information in its tree.dat file.

Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.