1413 matches found
CVE-2013-3625
CVE-2013-3625 affects Baramundi Management Suite versions 7.5–8.9. The vulnerability arises from a hard-coded encryption key stored in a DLL, enabling attackers who obtain the key from a product installation elsewhere to defeat cryptographic protections. Connected sources confirm the issue within...
Input validation
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
CVE-2013-1921
CVE-2013-1921 affects PicketBox data vault in Red Hat JBoss Enterprise Application Platform (EAP) 6.1.x prior to 6.1.1. A local attacker can read the Vault data file and obtain the admin encryption key, exposing encrypted credentials. The issue is reported in multiple advisories (e.g., RHSA-2013:...
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
Cisco Unified Communications Manager multiple security vulnerabilities
Hardcoded encryption key, code execution, privilege escalation, SQL injection...
CVE-2013-4869
Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...
Hardcoded credentials
Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029; CVE Identifier: CVE-2013-0941; Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C); Affected Products: RSA Authentication API versions prior to 8.1 SP1, RSA Web Agent for Apache Web Server versions prior to 5.3.5, RSA Web Agent for IIS versions prior to...
Nmap NSE 6.01: smb-psexec
Implements remote process execution similar to the Sysinternals psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a backdoor on a...
EMC Smarts Network Configuration Manager security vulnerabilities
Hardcoded encryption key, default unauthenticated connections...
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities. EMC Identifier: ESA-2012-057; CVE Identifier: CVE-2012-4614; CVE Identifier: CVE-2012-4615; Severity Rating: CVSS v2 Base Score: See below for individual...
Hardcoded credentials
EMC Smarts Network Configuration Manager NCM before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2012-4615
EMC Smarts Network Configuration Manager NCM before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2012-4615
EMC Smarts Network Configuration Manager (NCM) prior to version 9.1 is affected by CVE-2012-4615 due to a hard-coded encryption key used to store credentials, enabling local users to obtain sensitive information via unspecified vectors. The related security advisory (ESA-2012-057) notes this and r...
Huawei Quidway / Huawei CX600 Weak Password Encryption
Various Huawei products use DES without any salt to encrypt passwords. Vulnerable products include the Huawei Quidway series and the Huawei CX600. Weak password encryption on Huawei products. ADVISORY INFORMATION Title: Weak password encryption on Huawei product...
PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC WinCC TIA Portal. The vulnerability exists due to a hard-coded encryption key in WinCC RT Professional, which allows remote attackers to obtain sensitive information and escalate their...
CVE-2012-3529
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...