
8092 matches found

Prion
added 2020/10/13 4:15 p.m. | 19 views

Hardcoded credentials

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow ...

4.6 CVSS | 6.3 AI score | 0.00283 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/10/13 3:30 p.m. | 13 views

CVE-2020-7590

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow ...

6.3 AI score | 0.00129 EPSS
Exploits: 0 | References: 1
CVE
added 2020/10/13 3:30 p.m. | 43 views

CVE-2020-7590

CVE-2020-7590 affects DCA Vantage Analyzer in all versions below V4.5 (with CVE-2020-15797 affecting serials

6.8 CVSS | 6.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/10/13 12:0 a.m. | 4 views

MonoCMS Blog Information Disclosure Vulnerability

Mono is a free and open-source project hosted by Xamarin (previously Novell, and first Ximian). A security vulnerability exists in version 1.0 of MonoCMS Blog, which stems from a hard-coded administrative hash stored in the log.xml file in the MonoCMS Blog source files, with hash type bcrypt and has...

7.5 CVSS | 6.9 AI score | 0.00306 EPSS
Exploits: 4 | References: 1
IBM Security Bulletins
added 2020/10/09 7:46 p.m. | 18 views

Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities

Summary: IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-4177. DESCRIPTION: IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communicati...

9.8 CVSS | 1.2 AI score | 0.0008 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/10/09 7:44 p.m. | 18 views

Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability

Summary: IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-4190. DESCRIPTION: IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communicati...

6.7 CVSS | 0.7 AI score | 0.00018 EPSS
Exploits: 0 | Affected Software: 1
GithubExploit
added 2020/10/09 12:31 p.m. | 49 views

Exploit for Use of Hard-coded Credentials in Glpi-Project Glpi

CVE-2020-5248 Proof of Concept PoC for CVE-2020-5248. S...

7.2 CVSS | 6.1 AI score | 0.02836 EPSS
Exploits: 2
Gitee
added 2020/10/08 5:10 p.m. | 1 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

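Awesome-shiro CVE-2016-4437 Shiro=1.2.4 deserialization: a tool for brute-forcing the module and key, code execution, and reverse shell ---- Cause of the vulnerability: Shiro deserializes the rememberme field in the cookie, so if the Shiro encoding scheme is known, a malicious command can be encoded with that scheme and placed in the cookie of the HTTP header; when Shiro deserializes the rememberme field of the submitted cookie, the inserted command is executed, ultimately resulting in command execution. Shiro uses CookieRememberMeManager by default, and its cookie-handling flow is:...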

9.8 CVSS | 7 AI score | 0.94251 EPSS
Exploits: 9
NVD
added 2020/10/06 2:15 p.m. | 10 views

CVE-2020-24218

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...

9.8 CVSS | 0.0034 EPSS
Exploits: 1 | References: 2
OSV
added 2020/10/06 2:15 p.m. | 0 views

CVE-2020-24218

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...

9.8 CVSS | 7.3 AI score
Exploits: 0 | References: 2
NVD
added 2020/10/06 1:15 p.m. | 11 views

CVE-2020-24215

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration with the cleartext admin password, and...

9.8 CVSS | 0.4218 EPSS
Exploits: 3 | References: 3
NVD
added 2020/10/06 1:15 p.m. | 7 views

CVE-2020-25987

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...

7.5 CVSS | 0.00306 EPSS
Exploits: 3 | References: 2
CVE
added 2020/10/06 1:10 p.m. | 38 views

CVE-2020-24218

CVE-2020-24218 affects URayTech IPTV/H.264/H.265 video encoders (up to version 1.97). The issue allows an unauthenticated remote attacker to log in as root using a hard-coded password embedded in the executable, effectively granting full control over the device. Documents indicate this involves d...

9.8 CVSS | 9.5 AI score | 0.0034 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/10/06 1:10 p.m. | 12 views

CVE-2020-24218

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...

9.6 AI score | 0.0034 EPSS
Exploits: 1 | References: 2
CVE
added 2020/10/06 1:0 p.m. | 83 views

CVE-2020-24215

CVE-2020-24215 affects HiSilicon-based IPTV/H.264/H.265 video encoders. The issue arises from hard-coded credentials in HTTP requests, enabling an attacker to perform any administrative task, retrieve device configurations (including the cleartext admin password), and upload firmware. This can le...

9.8 CVSS | 9.7 AI score | 0.4218 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
Cvelist
added 2020/10/06 1:0 p.m. | 16 views

CVE-2020-24215

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration with the cleartext admin password, and...

9.8 AI score | 0.4218 EPSS
Exploits: 3 | References: 3
Cvelist
added 2020/10/06 12:51 p.m. | 10 views

CVE-2020-25987

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...

7.5 AI score | 0.00306 EPSS
Exploits: 3 | References: 2
CVE
added 2020/10/06 12:51 p.m. | 78 views

CVE-2020-25987

CVE-2020-25987 affects MonoCMS Blog 1.0. The issue arises from hard-coded admin hashes stored in log.xml within the MonoCMS Blog source, with the hash type bcrypt and hashcat mode 3200 cited as crackable. This can enable credential exposure or misuse if an attacker can access the log.xml contents...

7.5 CVSS | 7.5 AI score | 0.00306 EPSS
Exploits: 3 | References: 2 | Affected Software: 1
ICS
added 2020/10/06 12:0 a.m. | 114 views

Rockwell Automation ISaGRAF5 Runtime (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 9.1. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ISaGRAF5 Runtime. Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...

9.8 CVSS | 8.3 AI score | 0.03509 EPSS
Exploits: 0 | References: 5
NVD
added 2020/09/30 1:15 p.m. | 9 views

CVE-2019-17098

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior...

6.5 CVSS | 0.00079 EPSS
Exploits: 0 | References: 1