CVE-2023-36380
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorized_keys configuration file...
The vulnerability of the NPort IAW5000A-I/O Series web server software allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the NPort IAW5000A-I/O Series web server software is related to the presence of a hard-coded key, which could potentially facilitate manipulation of the firmware. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...
CVE-2023-38024 SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service...
CVE-2023-22956
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...
CVE-2023-22957
An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...
PT-2023-18797 · Audiocodes · Audiocodes Voip Desk Phones
Name of the Vulnerable Software and Affected Versions: AudioCodes VoIP desk phones versions through 3.4.4.1000 Description: An issue was discovered due to the use of a hard-coded cryptographic key, allowing an attacker to decrypt encrypted configuration files and retrieve sensitive information...
CVE-2023-3632
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3...
PT-2023-4358 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. The specific flaw exists within the TmwCrypto class, resulting...
Control ID IDSecure Trust Management Issue Vulnerability
Control ID IDSecure is software from Control ID that controls access for personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the use of a hard-coded key to sign and verify JWT session tokens,...
The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software, related to the use of a hard-coded cryptographic key, allows attackers to escalate their privileges.
The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow attackers to escalate their privileges...
PT-2023-25889 · Galaxy Software Services · Galaxy Software Services Vitals Esp
Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0 Description: The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid token...
Galaxy Software Services Vitals ESP Trust Management Issue Vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A trust management issue vulnerability exists in Vitals ESP versions 3.0.8 through 6.2.0, which arises from the use of a hard-coded encryption key that can be exploited by an...
CVE-2023-34123
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34123
CVE-2023-34123 describes a hard-coded cryptographic key vulnerability in SonicWall GMS (versions up to 9.3.2-SP1) and SonicWall Analytics (up to 2.5.0.4-R7). The connected PT-Security advisory notes the issue and recommends upgrading to fixed builds; the THN and NCSC/NV references indicate fixes exis...
PT-2023-3991 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to the use of a hard-coded cryptographic key in SonicWall Analytics and SonicWall Global Management System GMS...
CVE-2023-37286
SmartSoft SmartBPM.NET has a vulnerability of using a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code and disrupt service...
CVE-2023-37287
SmartBPM.NET has a vulnerability of using a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privileges to read application data, and execute submission and approval processes...