567 matches found

OSV
added 2022/04/26 4:15 p.m. | 1 view

UBUNTU-CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

7.5 CVSS | 5.8 AI score | 0.03137 EPSS
Exploits 0 | References 5

CVE
added 2022/04/26 4:5 p.m. | 85 views

CVE-2022-23942

CVE-2022-23942 affects Apache Doris versions prior to 1.0.0, where the LDAP password cipher uses a hardcoded key and IV, enabling information disclosure. The issue is exploitable over the network with low attack complexity and no authentication required, compromising confidentiality (per CVSS met...

7.5 CVSS | 7.3 AI score | 0.03137 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/04/26 4:5 p.m. | 21 views

CVE-2022-23942 Apache Doris hardcoded cryptography initialization

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...

7.5 AI score | 0.03137 EPSS
Exploits 0 | References 3

NVD
added 2022/02/18 10:15 p.m. | 33 views

CVE-2022-23650

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and...

9 CVSS | 0.0152 EPSS
Exploits 0 | References 4

OSV
added 2022/01/21 12:15 a.m. | 1 view

CVE-2022-22928

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code...

9.8 CVSS | 6 AI score | 0.025 EPSS
Exploits 1 | References 1

Veracode
added 2022/01/07 2:16 p.m. | 19 views

Weak Encryption

session-file-store is vulnerable to a weak encryption implementation. The encryption library uses a hardcoded key as the cipher, bypassing the point of encrypting the files to begin with. A malicious user can decrypt and get access...

7.5 CVSS | 1.5 AI score | 0.0208 EPSS
Exploits 0 | References 9 | Affected Software 1

OSV
added 2022/01/06 1:15 p.m. | 17 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5 CVSS | 6.9 AI score
Exploits 0 | References 3

CVE
added 2022/01/06 12:35 p.m. | 85 views

CVE-2021-45458

Apache Kylin’s PasswordPlaceholderConfigurer uses a cipher initialized with a hardcoded key and IV, risking decryption of passwords stored in configuration. Affected: Kylin 2.x ≤ 2.6.6; 3.x ≤ 3.1.2; 4.x ≤ 4.0.0. Impact: potential password exposure. Remediation/fix details are not provided in the ...

7.5 CVSS | 7.5 AI score | 0.0208 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/01/06 12:35 p.m. | 18 views

CVE-2021-45458 Hardcoded credentials

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.8 AI score | 0.0208 EPSS
Exploits 0 | References 3

Positive Technologies
added 2022/01/06 12:0 a.m. | 5 views

PT-2022-12364 · Apache · Apache Kylin

Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.6.6 and prior; Apache Kylin versions 3.1.2 and prior; Apache Kylin versions 4.0.0 and prior. Description: Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In th...

7.5 CVSS | 7.4 AI score | 0.0208 EPSS
Exploits 0 | References 11

OSV
added 2022/01/04 3:15 p.m. | 2 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

7.2 CVSS | 7.1 AI score | 0.01008 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2022/01/04 3:15 p.m. | 4 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

9 CVSS | 5.5 AI score | 0.01008 EPSS
Exploits 0 | References 3

NVD
added 2022/01/04 3:15 p.m. | 12 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

9 CVSS | 0.01008 EPSS
Exploits 0 | References 2

Cvelist
added 2022/01/04 2:29 p.m. | 18 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

7.1 AI score | 0.01008 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2021/12/01 12:0 a.m. | 3 views

The vulnerability of the EyesOfNetwork (EON) monitoring software, related to the use of pre-installed credentials, allows a perpetrator to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the EyesOfNetwork EON monitoring software lies in the use of the hardcoded EONAPIKEY key by default. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information and enhance their privileges...

9.8 CVSS | 7.8 AI score | 0.91874 EPSS
Exploits 4 | References 4 | Affected Software 1

CNNVD
added 2021/09/15 12:0 a.m. | 3 views

MyLittleTools MyLittleBackup code issue vulnerability

MyLittleTools MyLittleBackup is a SQL Server management tool from MyLittleTools France. Manage SQL Server databases in a web hosted environment. A code issue vulnerability exists in MyLittleBackup, which allows remote attackers to exploit the vulnerability to execute arbitrary code because the...

9.8 CVSS | 9.1 AI score | 0.02187 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2021/08/09 12:0 a.m. | 2 views

The vulnerability of the “Blockhost-Net” information protection software allows a perpetrator to gain access to the protected information.

The vulnerability of the GIS.BlockPost.GUI application, a software tool for information protection, is related to the use of a symmetric encryption key defined in the program code. Exploiting this vulnerability could allow an attacker to decrypt files containing information about the program’s...

4.7 CVSS | 5.5 AI score
Exploits 0 | Affected Software 1

OSV
added 2021/06/16 12:15 p.m. | 4 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

5.5 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 1

OSV
added 2021/03/29 8:15 p.m. | 2 views

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 3

OSV
added 2021/03/29 8:15 p.m. | 4 views

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...

9.8 CVSS | 7.2 AI score | 0.01186 EPSS
Exploits 1 | References 5