1429 matches found
CVE-2022-0444
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...
Cross-site request forgery (CSRF)
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...
WordPress plugin XCloner Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin. Versions of the WordPress XCloner plugin prior to 4.3.6 are vulnerable to cross-site request forgery,...
A vulnerability in the Trendnet TEW-831DR router firmware, related to the use of a hard-coded cryptographic key, allows a hacker to obtain the encryption key.
The vulnerability in the Trendnet TEW-831DR router firmware is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability can allow an attacker operating remotely to obtain the encryption key...
SonicWall Secure Mobile Access (SMA) 12.4.x < 12.4.1-02994 Multiple Vulnerabilities (SNWLID-2022-0009)
The remote host is a SonicWall Secure Mobile Access SMA device that may be affected by multiple vulnerabilities: - SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. CVE-2022-1701 - SonicWall SMA1000 series firmwa...
GHSA-G48F-FF5H-5F64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file...
GHSA-66J3-66CP-6C2M TYPO3 Path Traversal vulnerability
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as...
TYPO3 Backend Configuration XSS Vulnerability
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...
web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
GHSA-Q2RQ-QGCF-M22W web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
Hardcoded credentials
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
PT-2022-2958 · Sonicwall · Sonicwall Sma1000
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier Description: The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information...
ceph: Ceph volume does not honour osd_dmcrypt_key_size
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...
CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials...
CVE-2022-23724 PingID Integration for Windows Login MFA Bypass
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials...
Automation 360 Trust Management Issue Vulnerability
Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...
A vulnerability in the SSL-VPN portal of FortiOS operating systems allows a hacker to obtain the encryption key.
The vulnerability in the SSL-VPN portal of FortiOS operating systems is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow a malicious actor to obtain the encryption key remotely...
Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability
Summary A Cryptographic vulnerability was addressed by IBM Watson Knowledge Catalog with Information Server. Vulnerability Details CVEID: CVE-2019-4220 DESCRIPTION: IBM InfoSphere Information Server stores a common hard coded encryption key that could be used to decrypt sensitive information. CVS...