567 matches found
CVE-2024-46612
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...
PT-2024-32076 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows an attacker to forge JWT authentication information due to a hardcoded JWT key. Recommendations: For IceCMS versions 3.4.7 and earlier, update to a version that does not contain...
CVE-2023-41611
Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...
CVE-2023-41611
CVE-2023-41611 affects Victure PC420 firmware version 1.1.39. Root cause: use of a weak, partially hardcoded key to encrypt data. Impact aligns with confidentiality issues; CVSS v3.1 base score 6.5 (Network, Low integrity/availability impact). Exploitation details are not provided in the document...
PT-2024-12945 · Victure · Victure Pc420
Name of the Vulnerable Software and Affected Versions: Victure PC420 version 1.1.39 Description: The issue is related to the use of a weak and partially hardcoded key for data encryption. Recommendations: For Victure PC420 version 1.1.39, at the moment, there is no information about a newer versi...
CVE-2024-45165
CVE-2024-45165 affects UCI IDOL 2 (IDOL2) up to version 2.12. The issue is that the client–server encryption uses a static, hardcoded key derived from the string “(c)2007 UCI Software GmbH B.Boll.” This enables an attacker with access to the messages to decrypt and re-encrypt traffic, enabling pa...
PT-2024-31448 · Uci Software Gmbh · Uci Idol 2
Name of the Vulnerable Software and Affected Versions: UCI IDOL 2 versions through 2.12 Description: An issue was discovered in the encryption mechanism used by UCI IDOL 2. Data sent between the client and server is encrypted, but the key is derived from a static string "c2007 UCI Software GmbH...
Ewon Cosy+ Hardcoded Key
Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...
PT-2024-11949 · Pmfw · Pmfw
Name of the Vulnerable Software and Affected Versions: PMFW affected versions not specified Description: A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. Recommendations: At the moment, there is...
CVE-2023-48396
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
PT-2024-27047 · Zkteco · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...
CVE-2024-27160
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
CVE-2024-27161
All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult t...
CVE-2024-27159
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
CVE-2024-27161 Hardcoded password used to encrypt files
All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult t...