CVE-2015-3001

SysAid Help Desk (SysAid Help Desk before 15.2) is affected by multiple vulnerabilities including CVE-2015-3001 (use of a hard-coded sa password: Password1) and CVE-2015-2993 (administrator account creation). The issues enable bypass of access restrictions and potential remote compromise; some en...

Hardcoded credentials

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...

CVE-2015-0996

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...

CVE-2015-0996

CVE-2015-0996 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). Root cause is a hard-coded, cleartext password used to control read access to Project files and Project Configuration files, enabling local atta...

EMC M&R (Watch4net) - Credential Disclosure Vulnerability

It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Abstract It was discovered that EMC M&R Watch4net...

EMC MR (Watch4net) - Credential Disclosure

EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...

EMC M&R (Watch4net) Insecure Credential Storage

------------------------------------------------------------------------ EMC M&R Watch4net data storage collector credentials are not properly protected ------------------------------------------------------------------------ Han Sahin, November 2014...

EMC M&R (Watch4net) - Credential Disclosure

Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products EMC reports that the following...

CVE-2015-0930

The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2014-9576

VDG Security SENSE formerly DIVA 2.3.13 has a hardcoded password of 1 ArpaRomaWi for the root Postgres account and !DVService for the 2 postgres and 3 NTP Windows user accounts, which allows remote attackers to obtain access...

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVE-2014-5421

CareFusion Pyxis SupplyStation system (version 8.1 with hardware test tool 1.0.16 and earlier) contains a hard-coded database password that can allow local users with cabinet access to gain privileges. CVE-2014-5421 is documented with a base vulnerability tied to hard-coded credentials; NVD notes...

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5420

CVE-2014-5420 affects CareFusion Pyxis SupplyStation 8.1 with hardware test tool software versions up to 1.0.15. The vulnerability is hard-coded passwords in service and application accounts (and insecure temporary files) that could allow remote authenticated access to application files via unspe...

CVE-2014-5422

CVE-2014-5422 affects CareFusion Pyxis SupplyStation system 8.1 with hardware test tool prior to 1.0.16. The vulnerability is due to a hardcoded service password that grants admin privileges, enabling a remote attacker to gain access through unspecified vectors (remote exploitation possible if ne...

Amazing exposure Netcore routers exist back door, anyone can be a remote access-vulnerability warning-the black bar safety net

The Trend Micro researchers said yesterday at the official website shows, the Chinese manufacturers produce a series of routers contain a severe vulnerability, the hacker through the loopholes in monitoring user's Internet traffic. Router in China the Brand Name Netcore in foreign countries the...

CVE-2014-5396

The web interface in Schrack Technik microControl with firmware before 1.7.0 937 has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5396

The CVE-2014-5396 issue affects Schrack Technik microControl web interface on firmware versions before 1.7.0 (937). The root cause is a hardcoded password for the user account, enabling remote access via unspecified vectors. The connected sources reiterate the same description; no explicit fix or...

Hardcoded credentials

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...