567 matches found

Positive Technologies
added 2021/03/29 12:00 a.m. · 3 views

PT-2021-11716 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS Description: The issue concerns a hardcoded encryption key used to encrypt username and password details during the authentication process. This key is located in the...

CVSS 9.8 · AI score 7.1 · EPSS 0.01186
Exploits: 1 · References: 7

Positive Technologies
added 2021/03/29 12:00 a.m. · 3 views

PT-2021-11715 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS Description: The issue concerns a hardcoded API key used for communication with the MobileIron SaaS discovery API. This key is found in the...

CVSS 7.5 · AI score 6.5 · EPSS 0.01556
Exploits: 1 · References: 5

CNNVD
added 2021/03/23 12:00 a.m. · 4 views

Ovarro TWinSoft Trust Management Issue Vulnerability

Ovarro TWinSoft is an application platform from Ovarro Germany that can be used anytime, anywhere to access web features from mobile devices and PCs. A security vulnerability exists in Ovarro TWinSoft that stems from TWinSoft's use of a custom hardcoded user TWinSoft with a hardcoded ke...

CVSS 9.8 · AI score 8.5 · EPSS 0.00657
Exploits: 0 · References: 4

NVD
added 2021/03/21 9:15 p.m. · 11 views

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

CVSS 9.8 · EPSS 0.01812
Exploits: 0 · References: 3

OSV
added 2021/02/24 4:15 p.m. · 2 views

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

CVSS 8.8 · AI score 7.4 · EPSS 0.01027
Exploits: 0 · References: 1

OSV
added 2021/02/11 6:15 p.m. · 2 views

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVSS 7.5 · AI score 7.1 · EPSS 0.01066
Exploits: 1 · References: 3

Cvelist
added 2021/02/11 4:33 p.m. · 15 views

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

AI score 7.5 · EPSS 0.01066
Exploits: 1 · References: 3

OSV
added 2021/02/10 7:15 p.m. · 3 views

CVE-2021-27141

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7aLyZ98sSd5HfSgGjMj8;Ss;d&^@$a2s0i3g key. The webs binary has details on how XOR is used...

CVSS 9.8 · AI score 5.8 · EPSS 0.158
Exploits: 1 · References: 1

CNNVD
added 2021/01/31 12:00 a.m. · 4 views

Mofi Network MOFI4500-4GXeLTE Trust Management Issue Vulnerability

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the fact that the Dropbear SSH daemon has been modified to accept an alternate hardcoded path to a public...

CVSS 10 · AI score 7.1 · EPSS 0.01648
Exploits: 0 · References: 3

0day.today
added 2021/01/18 12:00 a.m. · 177 views

IBM Spectrum LSF 10.1 / 10.2 Hardcoded Eauth Key / Eauth Key Exposure Vulnerability

Multiple IBM Spectrum LSF Authentication Vulnerabilities. Eauth - CVE-2020-4983. Software: Spectrum LSF. Vendor: IBM. Affected Versions:...

CVSS 7.8 · AI score 7.8 · EPSS 0.00437
Exploits: 1

Positive Technologies
added 2021/01/12 12:00 a.m. · 3 views

PT-2021-2204 · Siemens · C-Plug +2

Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 switch family incl. SIPLUS NET variants versions prior to V5.2.5 SCALANCE X-200IRT switch family incl. SIPLUS NET variants versions prior to V5.5.0 SCALANCE X-200RNA switch family versions prior to V3.2.7 Description: A...

CVSS 9.4 · AI score 5.6 · EPSS 0.01119
Exploits: 0 · References: 5

CNNVD
added 2020/12/29 12:00 a.m. · 2 views

Multiple Amino Product Trust Management Issue Vulnerabilities

Amino Communications AK45x series, among others, is a line of TV set-top box devices from Amino UK. A security vulnerability exists in a number of Amino Communications products that originates from a root user hard-coded SSH key, which can be exploited by an attacker to remotely login via SSH. Th...

CVSS 10 · AI score 5.8 · EPSS 0.0249
Exploits: 1 · References: 1

CNVD
added 2020/12/09 12:00 a.m. · 4 views

Siemens LOGO! 8 BM Hardcoded Encryption Key Vulnerability

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM, which can be exploited by an attacker to obtain a private RSA key used to encrypt communications with a device, resulting ...

CVSS 5.5 · AI score 8.4 · EPSS 0.00188
Exploits: 0 · References: 1

OSV
added 2020/11/24 9:15 p.m. · 2 views

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVSS 7.5 · AI score 5.8 · EPSS 0.00533
Exploits: 1 · References: 1

OSV
added 2020/10/27 5:15 a.m. · 2 views

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.5 · AI score 5.8 · EPSS 0.0093
Exploits: 0 · References: 2

ATTACKERKB
added 2020/10/27 5:15 a.m. · 3 views

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVSS 6.5 · AI score 5.3 · EPSS 0.0093
Exploits: 0 · References: 3

NVD
added 2020/09/14 2:15 p.m. · 12 views

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets...

CVSS 7.5 · EPSS 0.0123
Exploits: 0 · References: 1

Cvelist
added 2020/09/14 1:24 p.m. · 16 views

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets...

AI score 7.5 · EPSS 0.0123
Exploits: 0 · References: 1

OSV
added 2020/06/30 7:15 p.m. · 3 views

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVSS 7.5 · AI score 7.1 · EPSS 0.02511
Exploits: 3 · References: 3

NVD
added 2020/06/30 7:15 p.m. · 15 views

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVSS 7.5 · EPSS 0.02511
Exploits: 3 · References: 3