4 matches found
Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords...
Cisco IP Phone Cleartext Password Storage Vulnerability
Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability. ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832,...
Digital Video Surveillance System weak authentication
Authentication mechanism is vulnerable to man-in-the-midle attack replay attack and cleartext recovery...