PT-2021-20550 · Pepperl+Fuchs · Wirelesshart Gateway

Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.7 through 3.0.9 Description: The issue concerns hard-coded credentials in the SSH and telnet services of the affected device. Recommendations: For versions 3.0.7 through 3.0.9, consider disablin...

MIK.starlight 信任管理问题漏洞

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

Pepperl Fuchs WirelessHART-Gateway 信任管理问题漏洞

The Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A trust management issue vulnerability exists in Pepperl Fuchs WirelessHART-Gateway versions 3.0.7 through 3.0.9, which arises when SSH and telnet services are active using hard-coded credentials...

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVE-2021-29728

CVE-2021-29728 affects IBM Sterling Secure Proxy/Sterling Proxy components. The connected documents confirm hard-coded credentials (passwords or keys) used for inbound authentication, outbound communication, or internal data encryption in versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2. Implications ...

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

IBM Sterling Secure Proxy 信任管理问题漏洞

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a hard-coded credential vulnerability. An attacker could use thi...

PT-2021-18435 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 2.4.3.2, 3.4.3.2, 6.0.1, 6.0.2 Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used for inbound authentication, outbound communication to external components,...

Security Bulletin: Multiple Vulnerabilities Affect IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29722 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorith...

Security Bulletin: Multiple Vulnerabilities Affect IBM Secure Proxy

Summary There are multiple vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29723 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

D-Link DVG-3104MS Default Account Vulnerability

A security vulnerability exists in D-Link DVG-3104MS, a gateway from D-Link, Taiwan, China, due to the fact that D-Link DVG-3104MS versions 1.0.2.0.3, 1.0.2.0.4 and 1.0.2.0.4E contain " /etc/passwd" file that does not record hard-coded credentials for user accounts. An attacker could exploit this...

D-Link DSR-500N Default Account Vulnerability

A security vulnerability exists in the D-Link DSR-500N, a wireless router from D-Link, Taiwan, China, which stems from the fact that version 1.02 of the D-Link DSR-500N contains hard-coded credentials for user accounts that are not documented in the "etc/passwd" file. The vulnerability is caused ...

D-Link DVX-2000MS Default Account Vulnerability

A security vulnerability exists in the D-Link DVX-2000MS, a hardware for IP telephony systems from D-Link in Taiwan, China. file contains hard-coded credentials that do not record user accounts. An attacker could exploit this vulnerability to recover plaintext passwords from hash values...

CVE-2021-39614

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values...

CVE-2021-39615

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying...

CVE-2021-39615

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying...

CVE-2021-39613

D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products...

Hardcoded credentials

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values...

CVE-2021-39615

The D-Link DSR-500N is affected by CVE-2021-39615 in version 1.02, where hard-coded credentials for undocumented accounts in /etc/passwd allow an attacker to log in via SSH or Telnet and gain access to the embedded Linux OS. The issue is fixed in firmware version 2.12/2. This vulnerability is not...