Missing encryption of sensitive data vulnerability in ‘MIRUPASS’ PW10 firmware all versions and ‘MIRUPASS’ PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
CWE-311
CVE-2023-0690
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.