PT-2022-24105 · Mutiny · Mutiny
Name of the Vulnerable Software and Affected Versions: Mutiny version 7.2.0-10788 Description: The issue is related to a hardcoded root password in the software. This could potentially allow unauthorized access to the system. Recommendations: For Mutiny version 7.2.0-10788, consider changing the...
CVE-2022-37832
Mutiny 7.2.0-10788 suffers from Hardcoded root password...
CVE-2022-38337
When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt, which can result in a Denial of Service (DoS) for the user if services like fail2ban are used...
PT-2022-24375 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 22.1 Description: The issue occurs when aborting an SFTP connection, where a hardcoded password is sent to the server. This can be treated as an invalid login attempt by the server, potentially leading to a Denial o...
Mobatek MobaXterm Trust Management Issue Vulnerability
Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set (GNU/Cygwin). A security vulnerability exists in Mobatek MobaXterm versions prior to v22.1, which originates when aborting an SFTP connection,...
CVE-2022-38337
CVE-2022-38337 affects Mobatek MobaXterm prior to v22.1, where aborting an SFTP connection sends a hardcoded password to the server, which the server may treat as an invalid login and trigger a user DoS (e.g., via fail2ban). Root cause is hardcoded credentials during SFTP abort. Impact is Denial o...
PT-2022-6022 · Zyxel · Zyxel Lte3301-M209
Name of the Vulnerable Software and Affected Versions: Zyxel LTE3301-M209 versions prior to V1.00ABLG.6C0 Description: A flaw in the Zyxel LTE3301-M209 firmware could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has be...
CVE-2022-26119
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Authentication flaw
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
Affected software: Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability: Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
PT-2022-5759 · Fortinet · Fortisiem
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions prior to 6.5.0 Description: The issue is related to improper authentication in Fortinet FortiSIEM, allowing a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentication vulnerability (CWE-287) in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
CVE-2022-39273 Default OAuth Authorization Server secret in FlyteAdmin
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
PT-2022-24861 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.44 Description: The default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable authentication without changing the default clientid hashes will be exposed...
CVE-2022-36159
The CVE-2022-36159 issue affects Contec FXA3200 firmware version 1.13 and earlier, where a hard-coded root password stored in /etc/shadow is weak and crackable. An attacker with adjacent access could use this credential to reach the Wireless LAN Manager interface, enable Telnet, sniff traffic, or...