567 matches found
CVE-2025-34217
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorizedkeys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...
CVE-2025-34196
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...
CVE-2025-34217
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorizedkeys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...
CVE-2025-34217 Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorizedkeys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...
CVE-2025-34217 Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorizedkeys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...
CVE-2025-34217
CVE-2025-34217 concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments). The advisory documents an undocumented local user named printerlogic with a hardcoded SSH public key stored in ~/.ssh/authorized_keys and a sudoers rule giving the printerlog...
Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞
Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Vasion Print Application is a printer management application. A security vulnerability exists in...
CVE-2025-34209
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-34209 Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
PT-2025-38730
Name of the Vulnerable Software and Affected Versions AiKaan Cloud Controller affected versions not specified Description The AiKaan Cloud Controller utilizes a single, hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
CVE-2025-57601
Affected software : AiKaan Cloud Controller. Vulnerability : uses a single hardcoded SSH private key and the same proxyuser for remote terminal access to all managed IoT/edge devices; when Open Remote Terminal is invoked, the static key is sent to the target device, enabling reverse SSH tunnels t...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Control-M/Agent, versions 9.0.18–9.0.20 (out-of-support) configured to use a non-default Blowfish encryption implementation rely on a hardcoded key, enabling an attacker with access to network traffic and the key to decrypt traffic between the Control-M/Agent and the Server. Root cause: hardcoded...
PT-2025-37942
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Out-of-support versions of Control-M/Agent configured to use the non-default Blowfish cryptography algorithm utilize a hardcoded key. An attacker with network access and knowledge of...