CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2023-27583

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

CVE-2023-51840

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

CVE-2023-2306

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records...

CVE-2023-2504

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials...

CVE-2023-28895

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

CVE-2023-22495

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

CVE-2023-48251

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account...

CVE-2023-48250

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts...

CVE-2023-6198

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCEBMI on EP3011 User Passwords modules allows unauthorized access to the device...

CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0...

CVE-2023-5222

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...

CVE-2023-41508

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel...

CVE-2023-47315

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

CVE-2023-37231

Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password...

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

CVE-2023-33744

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password PIN: 385521, 843646, and 592671...

CVE-2023-32619

Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...