1110 matches found

Japan Vulnerability Notes
added 2023/05/08 6:13 a.m. · 1 views

JINS MEME CORE uses a hard-coded cryptographic key

Overview: JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key (CWE-321). MASAHIRO IIDA of LAC Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

CVSS 6.5 · AI score 6.5 · EPSS 0.00279
Exploits 0 · References 5

OSV
added 2023/04/28 1:15 p.m. · 2 views

CVE-2022-41397

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...

CVSS 9.8 · AI score 5.8 · EPSS 0.00675
Exploits 0 · References 1

OSV
added 2023/04/28 1:15 p.m. · 2 views

CVE-2022-41399

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

CVSS 7.5 · AI score 5.8 · EPSS 0.00577
Exploits 0 · References 1

Vulnrichment
added 2023/04/28 12:0 a.m. · 11 views

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

AI score 9.6 · EPSS 0.00621
Exploits 0 · References 1

Vulnrichment
added 2023/04/28 12:0 a.m. · 8 views

CVE-2022-41399

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...

AI score 7.7 · EPSS 0.00577
Exploits 0 · References 1

Vulnrichment
added 2023/04/28 12:0 a.m. · 10 views

CVE-2022-41397

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...

AI score 9.4 · EPSS 0.00675
Exploits 0 · References 1

CNNVD
added 2023/04/28 12:0 a.m. · 3 views

Sage Group Sage 300 trust management issue vulnerability

Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning ERP solution from Sage Group, UK, designed to facilitate the management of organizations. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions, which stems from the use of a...

CVSS 7.5 · AI score 7.3 · EPSS 0.00577
Exploits 0 · References 2

CNNVD
added 2023/04/28 12:0 a.m. · 3 views

Sage Group Sage 300 trust management issue vulnerability

Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK designed to facilitate business management. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a hard-coded puffer k...

CVSS 9.8 · AI score 8.6 · EPSS 0.00621
Exploits 0 · References 2

Positive Technologies
added 2023/04/28 12:0 a.m. · 4 views

PT-2023-13980 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue involves the use of a hard-coded 40-byte blowfish key for encrypting and decrypting user passwords and SQL connection strings stored in ISAM database files. This could allow attackers to...

CVSS 9.8 · AI score 7.2 · EPSS 0.00621
Exploits 0 · References 5

Positive Technologies
added 2023/04/28 12:0 a.m. · 3 views

PT-2023-13979 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Web Screens feature uses a hard-coded 40-byte blowfish key PASS KEY to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue...

CVSS 7.5 · AI score 7.4 · EPSS 0.00577
Exploits 0 · References 5

Positive Technologies
added 2023/04/28 12:0 a.m. · 4 views

PT-2023-13977 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue concerns the use of a hard-coded 40-byte blowfish key, specifically LandlordPassKey, for encrypting and decrypting secrets stored in configuration files and database tables. This is relate...

CVSS 9.8 · AI score 7 · EPSS 0.00675
Exploits 0 · References 5

CVE
added 2023/04/28 12:0 a.m. · 38 views

CVE-2022-41397

CVE-2022-41397 concerns Sage 300 (through version 2022) where the optional Web Screens and Global Search features use a hard-coded 40-byte Blowfish key, “LandlordPassKey,” to encrypt/decrypt secrets stored in configuration files and in database tables. This key is embedded in the feature’s encryp...

CVSS 9.8 · AI score 9.3 · EPSS 0.00675
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/04/28 12:0 a.m. · 39 views

CVE-2022-41399

The CVE-2022-41399 issue affects Sage 300 (through 2022) where the optional Web Screens feature uses a hard-coded 40-byte Blowfish key (PASS_KEY) to encrypt/decrypt the PORTAL database connection string in dbconfig.xml. This cryptographic weakness could allow an attacker to access the SQL databas...

CVSS 7.5 · AI score 7.6 · EPSS 0.00577
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/03/13 8:33 p.m. · 7 views

CVE-2023-27583 Panindex uses hard coded cryptographic key

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

CVSS 9.8 · AI score 9.5 · EPSS 0.00883
Exploits 0 · References 3

Japan Vulnerability Notes
added 2023/03/13 3:28 a.m. · 2 views

Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Overview: Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service (CWE-798). Naoya Kurosawa of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 7.8 · AI score 6.5 · EPSS 0.00161
Exploits 0 · References 5

Positive Technologies
added 2023/03/13 12:0 a.m. · 3 views

PT-2023-21226 · Panindex · Panindex

Name of the Vulnerable Software and Affected Versions: PanIndex versions prior to 3.1.3 Description: The issue concerns a hard-coded JWT key PanIndex used in PanIndex. This allows an attacker to sign a JWT token and perform actions with admin privileges. Recommendations: For versions prior to...

CVSS 9.8 · AI score 9.4 · EPSS 0.00883
Exploits 0 · References 5

CNNVD
added 2023/03/13 12:0 a.m. · 2 views

PanIndex trust management issue vulnerability

PanIndex is a directory index for netbooks. A security vulnerability exists in PanIndex versions prior to 3.1.3. An attacker exploited the vulnerability to sign a JWT token using a hard-coded JWT key and perform any action as a user with administrator privileges...

CVSS 9.8 · AI score 8.4 · EPSS 0.00883
Exploits 0 · References 4

BDU FSTEC
added 2023/03/06 12:0 a.m. · 1 views

The vulnerability of the backup function of the Cisco Unified Computing System (UCS) Manager and the export function of the Cisco FXOS routers Firepower 4100 Series, Firepower 9300 Security Appliances, UCS 6200, UCS 6300, UCS 6400, and UCS 6500 allows an intruder to gain unauthorized access to protected information.

The vulnerability of the backup function of the Cisco Unified Computing System UCS Manager and the export function of the Cisco FXOS routers Firepower 4100 Series, Firepower 9300 Security Appliances, UCS 6200, UCS 6300, UCS 6400, and UCS 6500 is related to the use of a hard-coded cryptographic ke...

CVSS 6.3 · AI score 6.5 · EPSS 0.0011
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/01/18 7:15 a.m. · 4 views

CVE-2022-34442

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

OSV
added 2023/01/11 10:15 a.m. · 3 views

CVE-2022-34441

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges...

CVSS 9.8 · AI score 5.8 · EPSS 0.00472
Exploits 0 · References 1