
567 matches found

Positive Technologies
added 2022/07/20 12:0 a.m. · 5 views

PT-2022-21982

Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116 Description: A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...

CVSS 9.8 · AI score 6.4 · EPSS 0.0232
Exploits: 1 · References: 5

ATTACKERKB
added 2022/07/13 10:15 p.m. · 5 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

CVSS 9.8 · AI score 7.8 · EPSS 0.01396
Exploits: 1 · References: 2

OSV
added 2022/07/13 10:15 p.m. · 2 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

CVSS 9.8 · AI score 6.1 · EPSS 0.01396
Exploits: 1 · References: 1

Cvelist
added 2022/07/13 9:22 p.m. · 16 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

AI score 9.9 · EPSS 0.01396
Exploits: 1 · References: 1

Positive Technologies
added 2022/07/13 12:0 a.m. · 4 views

PT-2022-22971 · Kvf-Admin · Kvf-Admin

Name of the Vulnerable Software and Affected Versions: kvf-admin through 2022-02-12 Description: The issue allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the...

CVSS 9.8 · AI score 9.6 · EPSS 0.01396
Exploits: 1 · References: 6

Positive Technologies
added 2022/06/22 12:0 a.m. · 5 views

PT-2022-3084 · Motorola · Motorola Ace1000 Rtu

Name of the Vulnerable Software and Affected Versions: Motorola ACE1000 RTU through 2022-05-02 Description: The issue is related to the use of hardcoded SSH credentials. This could allow a remote attacker to gain unauthorized access to protected information. The hardcoded SSH private key is likel...

CVSS 9.8 · AI score 7.1 · EPSS 0.00835
Exploits: 0 · References: 8

ATTACKERKB
added 2022/06/09 4:15 a.m. · 3 views

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

CVSS 5.5 · AI score 6.1 · EPSS 0.00295
Exploits: 1 · References: 3

OSV
added 2022/06/09 4:15 a.m. · 1 view

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

CVSS 5.5 · AI score 5.8 · EPSS 0.00295
Exploits: 1 · References: 2

ATTACKERKB
added 2022/06/09 4:15 a.m. · 3 views

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

CVSS 8.8 · AI score 7.2 · EPSS 0.00919
Exploits: 1 · References: 3

Cvelist
added 2022/06/09 12:45 a.m. · 15 views

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

AI score 8.8 · EPSS 0.00919
Exploits: 1 · References: 2

Positive Technologies
added 2022/05/10 12:0 a.m. · 3 views

PT-2022-6204 · Inhand Networks · Inrouter302

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: An information disclosure issue exists in the router configuration export functionality. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP...

CVSS 6.5 · AI score 6.3 · EPSS 0.00638
Exploits: 1 · References: 5

OSV
added 2022/04/29 4:15 p.m. · 2 views

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVSS 7.5 · AI score 7.1 · EPSS 0.01488
Exploits: 2 · References: 2

ATTACKERKB
added 2022/04/29 4:15 p.m. · 2 views

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVSS 7.5 · AI score 7.1 · EPSS 0.01488
Exploits: 2 · References: 3

CVE
added 2022/04/29 3:4 p.m. · 70 views

CVE-2022-29856

Automation360 22 contains a hardcoded cryptographic key that enables decryption of exported RPA packages, exposing confidentiality risk for users. The vulnerability stems from a fixed key used in packaging/export workflows, allowing an attacker to decrypt previously exported artifacts. Documented...

CVSS 7.5 · AI score 7.4 · EPSS 0.01488
Exploits: 2 · References: 2 · Affected Software: 1

OSV
added 2022/04/27 12:0 a.m. · 5 views

GHSA-98J2-HFXP-8H8R Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 7.5 · AI score 7.3 · EPSS 0.03137
Exploits: 0 · References: 6

OSV
added 2022/04/26 4:15 p.m. · 2 views

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 7.5 · AI score 5.8 · EPSS 0.03137
Exploits: 0 · References: 3

ATTACKERKB
added 2022/04/26 4:15 p.m. · 3 views

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 7.5 · AI score 7.1 · EPSS 0.03137
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/04/26 4:15 p.m. · 5 views

PYSEC-2022-43150

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 7.5 · AI score 7.3 · EPSS 0.03137
Exploits: 0 · References: 7

PyPA
added 2022/04/26 4:15 p.m. · 5 views

PYSEC-2022-43150

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 7.5 · AI score 6.7 · EPSS 0.03137
Exploits: 0 · References: 7 · Affected Software: 1

Prion
added 2022/04/26 4:15 p.m. · 15 views

Information disclosure

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVSS 5 · AI score 7.2 · EPSS 0.03137
Exploits: 0 · References: 3 · Affected Software: 1