3038 matches found

Cvelist
added 2021/08/03 2:31 p.m., 17 views

CVE-2021-27952

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...

9.8 AI score, 0.01129 EPSS
Exploits: 1, References: 1

CVE
added 2021/08/03 2:31 p.m., 45 views

CVE-2021-27952

CVE-2021-27952 affects Ecobee3 Lite with firmware 4.5.81.200, where hardcoded default root credentials grant access to the password-protected bootloader environment via the serial console. Public references from NVD list a CVSS v3.1 base score of 9.8 (CRITICAL) with network access and no privileg...

9.8 CVSS, 9.5 AI score, 0.01129 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2021/08/02 1:15 p.m., 19 views

Hardcoded credentials

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

7.5 CVSS, 9.4 AI score, 0.01439 EPSS
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2021/07/28 8:15 a.m., 22 views

Hardcoded credentials

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

4.3 CVSS, 8 AI score, 0.02587 EPSS
Exploits: 1, References: 7, Affected Software: 2

Prion
added 2021/07/22 5:15 a.m., 20 views

Hardcoded credentials

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service...

3.6 CVSS, 7 AI score, 0.0026 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/07/21 3:15 p.m., 14 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker to gain...

10 CVSS, 9.4 AI score, 0.01358 EPSS
Exploits: 0, References: 1, Affected Software: 6

0day.today
added 2021/07/21 12:0 a.m., 165 views

Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...

0.7 AI score
Exploits: 0

Kitploit
added 2021/07/20 9:30 p.m., 118 views

Allsafe - Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges...

8.9 AI score
Exploits: 0, References: 5

Packet Storm
added 2021/07/20 12:0 a.m., 350 views

Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities in Dell OpenManage Enterprise" is posted here: https://pierrekim.github.io/blog/2021-07-19-dell-openmanage-enterprise-0day-vulnerabilities.html === text-version of the...

0.4 AI score
Exploits: 0

Prion
added 2021/07/19 5:15 p.m., 10 views

Hardcoded credentials

UNSUPPORTED WHEN ASSIGNED KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

2.1 CVSS, 5.7 AI score, 0.00418 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2021/07/19 12:15 p.m., 12 views

Hardcoded credentials

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in...

10 CVSS, 9.4 AI score, 0.02378 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/07/15 8:15 p.m., 2 views

CVE-2021-0279

Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...

5.5 CVSS, 5.8 AI score, 0.00621 EPSS
Exploits: 0, References: 1

NVD
added 2021/07/15 8:15 p.m., 7 views

CVE-2021-0279

Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...

8.6 CVSS, 0.00621 EPSS
Exploits: 0, References: 1

Prion
added 2021/07/15 8:15 p.m., 18 views

Hardcoded credentials

Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...

5.5 CVSS, 5.5 AI score, 0.00621 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/07/15 8:0 p.m., 66 views

CVE-2021-0279

CVE-2021-0279 concerns Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0, where the RabbitMQ service is enabled by default and uses hardcoded credentials. The result is that an attacker who can access the RabbitMQ administrative interface (for example, the GUI) may cause a Denial of S...

8.6 CVSS, 6 AI score, 0.00621 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/07/15 8:0 p.m., 12 views

CVE-2021-0279 Contrail Cloud: Hardcoded credentials for RabbitMQ service

Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...

8.6 CVSS, 8.7 AI score, 0.00621 EPSS
Exploits: 0, References: 1

Prion
added 2021/07/15 2:15 p.m., 10 views

Hardcoded credentials

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

2.1 CVSS, 3.8 AI score, 0.00162 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2021/07/14 2:15 a.m., 15 views

Hardcoded credentials

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

5 CVSS, 7.1 AI score, 0.01037 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2021/07/09 12:0 a.m., 6 views

QSAN Storage Manager Hardcoded Credentials Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A hard-coded credentials vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and prior versions. An attacker can exploit this vulnerability to open the control interface via the...

9.1 CVSS, 7.5 AI score, 0.01723 EPSS
Exploits: 0, References: 1

Prion
added 2021/07/07 3:15 p.m., 11 views

Hardcoded credentials

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

10 CVSS, 9.4 AI score, 0.02304 EPSS
Exploits: 4, References: 2, Affected Software: 1