A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.