Lucene search

567 matches found

GitHub Security Blog
added 2023/10/25 6:32 p.m. · 15 views

Sureness uses hardcoded key

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

CVSS 9.8 · AI score 7 · EPSS 0.00808
Exploits 1 · References 5 · Affected Software 1

ATTACKERKB
added 2023/10/25 6:17 p.m. · 2 views

CVE-2023-31581

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

CVSS 9.8 · AI score 7.3 · EPSS 0.00808
Exploits 1 · References 3

NVD
added 2023/10/25 6:17 p.m. · 9 views

CVE-2023-31581

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

CVSS 9.8 · AI score 9.5 · EPSS 0.00808
Exploits 1 · References 2

OSV
added 2023/10/25 6:17 p.m. · 11 views

CVE-2023-31581

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 2

Prion
added 2023/10/25 6:17 p.m. · 16 views

Hardcoded credentials

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

CVSS 7.5 · AI score 9.4 · EPSS 0.00808
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/10/25 12:0 a.m. · 3 views

PT-2023-27933 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client application; affected versions not specified
Description: The issue allows an unprivileged third-party application to arbitrarily modify the server settings of the Android Client application, causing it to connect to a malicious...

CVSS 7.8 · AI score 7.3 · EPSS 0.00199
Exploits 0 · References 3

Cvelist
added 2023/10/24 12:0 a.m. · 15 views

CVE-2023-31581

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

AI score 9.7 · EPSS 0.00808
Exploits 1 · References 2

CVE
added 2023/10/24 12:0 a.m. · 107 views

CVE-2023-31581

CVE-2023-31581 affects Dromara Sureness prior to v1.0.8, where a hardcoded key is used in JSON Web Token creation and validation. This issue is documented across multiple sources (Red Hat advisory, CVE listings, OSV, GHSA) and is described as a security vulnerability in Sureness before 1.0.8. The...

CVSS 9.8 · AI score 9.4 · EPSS 0.00808
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/10/24 12:0 a.m. · 8 views

CVE-2023-31581

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...

AI score 7 · EPSS 0.00808
Exploits 1 · References 2

Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-23397 · Dromara · Dromara Sureness

Name of the Vulnerable Software and Affected Versions: Dromara Sureness versions prior to 1.0.8
Description: The issue is related to the use of a hardcoded key in Dromara Sureness.
Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue...

CVSS 9.8 · AI score 9.2 · EPSS 0.00808
Exploits 1 · References 9

Packet Storm
added 2023/08/16 12:0 a.m. · 507 views

AudioCodes VoIP Phones Hardcoded Key

Advisory ID: SYSS-2022-054
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Versions: Firmware Versions = 3.4.8.M4
Tested Versions: Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Ris...

AI score 7.1 · EPSS 0.01131
Exploits 2

Positive Technologies
added 2023/08/14 12:0 a.m. · 3 views

PT-2023-7583 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16.0 and earlier
Description: The issue is related to the use of a hardcoded SSL certificate and private key in several versions of ALEOS. This could allow an attacker with access to these items to perform a man-in-the-middle...

CVSS 8.5 · AI score 6.4 · EPSS 0.00296
Exploits 0 · References 11

ATTACKERKB
added 2023/08/03 1:15 a.m. · 2 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits 0 · References 3

OSV
added 2023/08/03 1:15 a.m. · 4 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits 0 · References 2

Positive Technologies
added 2023/08/03 12:0 a.m. · 4 views

PT-2023-24320 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior
Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...

CVSS 9.8 · AI score 7.4 · EPSS 0.0085
Exploits 0 · References 4

Positive Technologies
added 2023/07/26 12:0 a.m. · 4 views

PT-2023-26960 · WordPress · Video Conferencing With Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1
Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...

CVSS 5.3 · AI score 6.1 · EPSS 0.00322
Exploits 0 · References 7

OSV
added 2023/07/13 3:15 a.m. · 5 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVSS 9.9 · AI score 8 · EPSS 0.01454
Exploits 2 · References 5

OSV
added 2023/07/13 2:15 a.m. · 5 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 2

Cvelist
added 2023/07/13 1:6 a.m. · 20 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 9.6 · EPSS 0.0026
Exploits 0 · References 2

CVE
added 2023/07/13 1:6 a.m. · 172 views

CVE-2023-34130

CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...

CVSS 9.8 · AI score 9.3 · EPSS 0.0026
In wild · Exploits 0 · References 2 · Affected Software 2