You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
credential leakage
About this tag
Credential leakage refers to the unintentional exposure of sensitive authentication data such as passwords, tokens, API keys, or client secrets. On WindowsForum.com, discussions cover a range of real-world incidents and vulnerabilities, including CVE-2026-23370 where Dell Linux WMI Sysman hex-dumped plaintext passwords, CVE-2025-61594 in the Ruby uri gem that leaked credentials via URI combination, and CVE-2024-45336 in Go's net/http client that could leak Authorization headers during redirects. Other topics include local cleartext storage in Microsoft PC Manager (CVE-2025-49728), exposed Azure AD credentials in appsettings.json files, and LNK file tricks that can hide malicious execution. These examples highlight how credential leakage can occur through software bugs, misconfigurations, or UI spoofing, and emphasize the importance of patching, secret management, and secure coding practices.
The disclosure of CVE-2026-23370 is a reminder that not every kernel security issue hinges on memory corruption or a dramatic exploit chain. Sometimes the vulnerability is a much simpler and more dangerous failure of operational hygiene: the Linux kernel’s Dell WMI Sysman path was hex-dumping an...
Windows shortcut (.LNK) files are once again in the crosshairs: researcher Wietze Beukema has publicly documented four previously undocumented ways that crafted LNK files can spoof what users see, hide dangerous command-line arguments, and execute entirely different binaries than the shortcut...
A newly disclosed vulnerability in the widely used Ruby URI library — tracked as CVE-2025-61594 — reopens a previously patched avenue for credential leakage by bypassing the fix for CVE-2025-27221 and allowing sensitive userinfo (username/password) to leak when URIs are combined using the +...
A subtle bug in the Go standard library’s net/http client can restore and transmit sensitive headers after a specific sequence of redirects, potentially leaking Authorization tokens and other credentials to unintended targets—security teams and Go developers must treat this as a material risk...
CVE-2025-49728 — Microsoft PC Manager: Cleartext storage of sensitive information (Security‑feature bypass, local)
Summary (TL;DR)
Microsoft has assigned CVE‑2025‑49728 to a vulnerability in Microsoft PC Manager where sensitive information is stored in cleartext, enabling a local, unauthorized...
cleartext storage
credentialleakagecredential rotation
cve-2025-49728
data security
endpoint security
incident response
local exploit
local vulnerability
microsoft pc manager
patch management
security bypass
software security
threat detection
windows security
zdi-25-294
Siemens has confirmed a vulnerability in its APOGEE PXC and TALON TC building automation devices that allows an unauthenticated remote actor to retrieve sensitive files — including the device’s encrypted database — over BACnet, a widely used building automation protocol, a weakness now tracked...
A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...
AVEVA's PI Integrator for Business Analytics has been the subject of a coordinated security disclosure that identifies two authenticated, yet remotely exploitable, vulnerabilities which could permit file upload of dangerous types and the disclosure of sensitive output data — issues that demand...
aveva pi integrator
cisa icsa-25-224-04
credentialleakage
critical infrastructure
cve-2025-41415
cve-2025-54460
dangerous file types
data exfiltration
hdfs targets
ics security
insertion of sensitive information
network segmentation
ot security
patch management
pi integrator for business analytics
sensitive data
text file targets
unrestricted file upload
wdac allowlisting
Windows DWM Core Library, the heart of the Desktop Window Manager’s graphical rendering pipeline, has been thrust into the security spotlight with the discovery of CVE-2025-33052. This vulnerability, characterized as an information disclosure flaw stemming from the use of uninitialized...
credentialleakage
cve-2025-33052
desktop window manager
dwm core library
endpoint security
exploit prevention
information disclosure
local attack
memory initialization
memory leak
memory safety
microsoft security
security patch
threat mitigation
vulnerability
windows 10
windows 11
windows security
windows server
If you’ve ever wondered whether the relics of IT’s past can come back to haunt you, look no further than NTLM authentication—a sort of ancient curse that’s less Indiana Jones and more Office Space. Windows still ships with this timeworn authentication protocol enabled by default. While it was a...
The night was humming with the quiet, digital anxiety only IT professionals know too well when the heartbeat of business thrums through cloud infrastructure and acronyms like MFA, MACE, and Entra are uttered with the reverence reserved for ancient gods. Into this perfectly (and precariously)...