You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
credential-disclosure
About this tag
Credential disclosure vulnerabilities expose sensitive authentication data such as passwords, API keys, or session tokens to unauthorized parties. On WindowsForum.com, discussions cover CVE-2026-8368, a Perl LWP::UserAgent flaw where credentials leak during HTTP redirects, and CISA advisories on industrial control systems like the Dingtian DT-R002 relay with insufficiently protected credentials. Also covered are TP-Link router flaws, including CVE-2023-50224, an authentication bypass and credential disclosure issue in the TL-WR841N. These threads highlight how credential disclosure can occur in software libraries, IoT devices, and network hardware, often leading to unauthorized access or further exploitation. The tag focuses on identifying, mitigating, and understanding the impact of such leaks across diverse environments.
Microsoft’s Security Update Guide now tracks CVE-2026-8368, a credential-disclosure flaw in Perl’s LWP::UserAgent before version 6.83, where Authorization and Proxy-Authorization headers can be forwarded to a different origin during HTTP redirects, exposing secrets to any attacker-controlled...
A new CISA Industrial Control Systems advisory published today warns that the Dingtian DT‑R002 relay board contains two distinct Insufficiently Protected Credentials vulnerabilities that allow unauthenticated remote attackers to enumerate user identities and extract a proprietary protocol...
CISA’s KEV catalog grew again this week with the addition of two high‑risk router flaws tied to active exploitation, underscoring an uncomfortable reality for IT teams: inexpensive consumer and small‑office routers remain a prime target for adversaries and can pose outsized risk to enterprise...