CVE-2020-5222 Hard-Coded Key Used For Remember-me Token in OpenCast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit
Credits: John Page (aka hyp3rlinx). Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt. twitter.com/hyp3rlinx. ISR: ApparitionSec. Vendor: www.neowise.com. Product: CarbonFTP v1.4. CarbonFTP is a...
Cisco Data Center Network Manager SecurityManager Hard-coded Cryptographic Key Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validation of SSO tokens of SOAP packets. The issue results from th...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2019-6693
Fortinet FortiOS contains a vulnerability CVE-2019-6693: use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup files. An attacker with access to the backup file could decrypt sensitive data, including users’ passwords (excluding admin), private keys’ passp...
Fortinet FortiOS Trust Management Issue Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security vulnerability exists i...
PT-2019-6279 · Fortinet · Fortimanager +2
Name of the Vulnerable Software and Affected Versions: FortiOS, FortiManager, and FortiAnalyzer (affected versions not specified). Description: The vulnerability involves the use of a hard-coded cryptographic key to encrypt sensitive data within configuration backup files and CLI configurations. An...
CVE-2019-13399
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...
WAGO Industrial Managed Switches 852-303, 852-1305 and 852-1505 Trust Management Issue Vulnerability (CNVD-2020-36950)
WAGO Industrial Managed Switches 852-303 and related models are industrial managed switches from the German company WAGO. A trust management issue vulnerability exists in the WAGO Industrial Managed Switches 852-303 prior to version 1.2.2.S0, 852-1305 prior to version 1.1.6.S0, and 852-1505 prior t...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
CVE-2019-12376
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...
Computrols CBAS Web Hardcoded Encryption Key Vulnerability
CBAS Web is a web-based building management system (BMS) from Computrols. A hard-coded encryption key vulnerability exists in Computrols CBAS Web. The vulnerability stems from multiple scripts that contain hard-coded encryption keys used to decrypt database backup files. An authenticated attacker...
CVE-2019-9975
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...
DASAN H660RM Information Disclosure / Hardcoded Key Vulnerability
DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp. DASAN H660RM Information Disclosure / Hardcoded Key CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without...
DASAN H660RM Information Disclosure / Hardcoded Key
Hi! CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks. Remote attacker could enumerate hosts on LAN interface sending requests to /cgi-bin/diagtool.cgi with ip...
CVE-2018-15781
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a hard-coded cryptographic key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard-coded private key and decryp...
Lenovo Chassis Management Module (CMM) Information Disclosure Vulnerability
The Lenovo Chassis Management Module (CMM) is a hot-swappable Lenovo Flex System module that can be used to configure and manage all installed Lenovo Flex System components. An information disclosure vulnerability exists in Lenovo CMM versions prior to 2.0.0, which stems from the program's use of a...