8091 matches found
CVE-2019-4675
CVE-2019-4675 affects IBM Security Identity Manager 7.0.1, where the component contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. The root cause is the presence of embedded credentials in ISIM ver...
CVE-2019-4675
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511...
Opencast < 7.6.0 and 8.0.0 Multiple Vulnerabilities
Opencast is prone to multiple vulnerabilities.
Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675)
Summary: IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities due to a remote attacker, user enumeration vulnerability, and hard-coded credentials. Vulnerability Details: CVEID: CVE-2019-4674. DESCRIPTION: IBM Security Identity Manager could allow a...
Hard-Coded Remember-Me Cookie
Opencast uses a hard-coded remember-me cookie. The remember-me cookie is created by hashing the username, password, and an additional system key, allowing anyone with access to the remember-me token for one server to compromise all servers using the same credentials...
Hard-Coded Key Used For Remember-me Token in Opencast
Impact: The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions changing it, basically ensuring th...
CVE-2020-5222 Hard-Coded Key Used For Remember-me Token in Opencast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...
CVE-2013-2572
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files...
CVE-2013-1603
Summary of CVE-2013-1603 and related D-Link IP Camera vulnerabilities (CVE‑2013‑1599, -1600, -1601, -1602, -1603): Core Security’s CORE-2013-0303 advisory documents OS command injection, several authentication issues, information leakage, and hard-coded credentials affecting D‑Link IP cameras (mo...
CVE-2020-6963
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard-coded SMB credentials, which may allow an attacker to remotely execut...
CVE-2020-6963
GE Healthcare GECARE/CSCS/CIC/ApexPro Telemetry Server and related components (ApexPro Telemetry Server 4.2 and prior; CARESCAPE Telemetry Server 4.2 and prior; CIC 4.X/5.X; CSCS 1.X, 2.X; B450/B650/B850 monitors) are affected by CVE-2020-6963 alongside a family of vulnerabilities (CVE-2020-6961/...
CVE-2019-16153
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...
CVE-2019-16153
Fortinet FortiSIEM is affected by CVE-2019-16153 due to a hard-coded credential vulnerability in the FortiSIEM database component (versions 5.2.5 and below). An attacker could gain unauthorized access to the device database via static credentials. Red Hat/Symantec and Fortinet advisories corrobor...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit
Credits: John Page aka hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt. twitter.com/hyp3rlinx. ISR: ApparitionSec. Vendor: www.neowise.com. Product: CarbonFTP v1.4. CarbonFTP is a...