1110 matches found
MobileIron agents trust management issue vulnerability
MobileIron agents is a software application from MobileIron, Inc. It is used for MobileIron agents. A trust management issue vulnerability exists in versions of MobileIron agents prior to 2021-03-22, which stems from the inclusion of a hard-coded API key used to communicate with the MobileIron Sa...
MobileIron agents trust management issue vulnerability
MobileIron agents is an application from MobileIron USA. It is used for MobileIron agents. MobileIron agents versions 2021-03-22 and earlier are vulnerable to a trust management issue that stems from the inclusion of a hard-coded encryption key that is used to encrypt the submission of...
Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)
Summary: The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key...
CVE-2020-12376
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access...
Hardcoded credentials
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access...
Intel® Server Boards, Server Systems and Compute Modules Advisory
Summary: Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities...
CVE-2020-15833
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...
PT-2021-9837 · Mofi Network +1 · Mofi4500-4Gxelte +1
Name of the Vulnerable Software and Affected Versions: Mofi Network MOFI4500-4GXeLTE version 4.1.5-std Description: An issue was discovered where the Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom...
Scalance X Products Hard-Coded Encryption Key Vulnerability
SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...
Scalance X Products hard-coded encryption key vulnerability (CNVD-2021-02592)
SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...
Siemens SCALANCE X-200 trust management issue vulnerability
SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...
Trust Management Issues Vulnerabilities in Various Amino Communications Products
The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a root user hard-coded SSH key that can be exploited by an attacker to...
Nibiru ransomware variant decryptor
Nikhil Hegde developed this tool. Weak encryption: The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded...
CVE-2020-5667
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Studyplus App uses a hard-coded API key for an external service
Overview: Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service (CWE-798). Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: API key for an...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
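Awesome-shiro CVE-2016-4437 Shiro=1.2.4 deserialization: a tool for brute-forcing the module and key, code execution, and reverse shell ---- Cause of the vulnerability: Shiro deserializes the rememberme field in the cookie, so if the encoding scheme Shiro uses is known, a malicious command can be encoded with that scheme and placed in the cookie of the HTTP header; when Shiro deserializes the rememberme field of the submitted cookie, the inserted command is executed, ultimately resulting in command execution. Shiro uses CookieRememberMeManager by default, and its flow for handling the cookie is:...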
NVIDIA DGX servers BMC firmware trust management issue vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A vulnerability with trust management issues exists in the NVIDIA DGX servers BMC firmware prior to version 3.38.30, which stems from a vulnerability in the AMI BMC firmware that contains a vulnerability usin...
CVE-2020-11615
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...
CVE-2019-17098
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior...