CVE-2024-12604
6.5 MEDIUMCleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerabil...
Published: 2025-03-10 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- CWE
- CWE-312, CWE-526, CWE-640
Affected products
| Vendor | Product |
|---|---|
| tapandsign | tap\&sign |
Description
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45013 — ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
- CVE-2026-12066 — A security flaw has been discovered in PbootCMS up to 3.2.12 (7.3 HIGH)
- CVE-2026-46622 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2026-50635 — LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it (8.8 HIGH)
- CVE-2026-10786 — Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain... (6.5 MEDIUM)