Hardcoded credentials

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information...

Hardcoded credentials

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

GPON Router Hardcoded Credentials Vulnerability

GPON Gigabit-Capable PON technology is the latest generation of broadband passive optical integrated access standard based on the ITU-TG.984.x standard. Gigabit-Capable PON GPON technology is the latest generation of broadband passive optical integrated access standard based on ITU-TG.984.x...

Hardcoded credentials

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM...

Hardcoded credentials

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

Hardcoded credentials

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Oracle MAF store bypass, a how-to

On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker...

Hardcoded credentials

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

Hardcoded credentials

LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...

Hardcoded credentials

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...

IDenticard PremiSys Hardcoded Backdoor Account (CVE-2019-3906)

Hardcoded Backdoor Account exist in the IDenticard PremiSys . The vulnerability is due to service contains hardcoded credentials. Successful exploitation can allow admin access to the service via the Premisys WCF Service endpoint...

Hardcoded credentials

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...

LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains...

Hardcoded credentials

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850...

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

Hardcoded credentials

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

Hardcoded credentials

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

CVE-2019-3906

CVE-2019-3906 affects IDenticard PremiSys (Identicard) Identicard 3.1.190. The root cause is use of hard-coded credentials in the PremiSys WCF service (port 9003), enabling an authenticated remote attacker to access/modify the badge system database with admin privileges. Mitigation per ICS-CERT U...

PT-2019-16761 · Premisys · Premisys Identicard

Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can exploit these credentials to access and modify the badge system database...