[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

ERPSCAN Research Advisory ERPSCAN-15-016 SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date of Publ...

Hardcoded credentials

SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors...

SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...

SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-016 SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date of Publ...

Hardcoded Credentials Vulnerability in Multiple Seagate and LaCie Wireless Storage Products

Seagate is the world's largest manufacturer of hard drives, disks and read/write heads, headquartered in California. A hard-coded credentials vulnerability exists in several Seagate and LaCie wireless storage products, which could be exploited by an attacker to access an undisclosed Telnet servic...

施耐德(Schneider) PLC 以太网模块固件后门

通过分析设备固件可以得知，文件系统中包含硬编码方式保存的用户凭证信息。 这些信息主要用于提供对外的FTP服务升级服务。 其中，问题代码位于/FLASH0/wwwroot/classes/SACommjar 包中，具体的Package路径： com.schneiderautomation.misc.TextFiles的第266行至268行位置。 package com.schneiderautomation.misc; import com.schneiderautomation.ftpsession.FTPSession; import...

Hardcoded credentials

Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

Hardcoded credentials

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

Hardcoded credentials

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

CVE-2015-2904

CVE-2015-2904 affects Actiontec GT784WN modems with firmware prior to NCS01-1.0.13, where hard-coded credentials allow remote attackers to obtain root access by connecting to the web management interface. Public documents confirm the vulnerability is tied to root-privilege credential exposure and...

CVE-2015-2907

CVE-2015-2907 concerns the Mobile Devices (MDI) C4 OBD-II dongle family (firmware 2.x–3.4.x). The root cause is hard-coded SSH credentials (username/password) that enable remote attackers to gain access to affected devices. Impact described across sources includes unauthorized remote access; CERT...

PT-2015-5968 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle

Name of the Vulnerable Software and Affected Versions: Mobile Devices aka MDI C4 OBD-II dongles versions 2.x through 3.4.x Description: The issue allows remote attackers to obtain access by leveraging knowledge of the required username and password, due to hardcoded SSH credentials...

Hardcoded credentials

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

Hardcoded credentials

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a 1 SSH or 2 TELNET session...

Hardcoded credentials

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system o...

Hardcoded credentials

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of 1 shared for the shared user and 2 scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default,...

Hardcoded credentials

GE Healthcare Precision MPi has a password of 1 orion for the serviceapp user, 2 orion for the clinical operator user, and 3 PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...