8087 matches found
CVE-2018-1742
CVE-2018-1742 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises from hard-coded credentials (passwords or cryptographic keys) embedded in the software, used for inbound authentication, outbound communication, or data encryption. Affected ...
CVE-2018-5399 The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and is configured with a hard-coded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-1742
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...
CVE-2018-5399
CVE-2018-5399 affects Auto-Maskin DCU-210E RP-210E firmware (ARMv7) versions prior to 3.7. The firmware contains an undocumented Dropbear SSH server (v2015.55) listening on port 22 with hard-coded credentials (root / amroot) and password-only authentication, while an RSA host-key is present. This...
PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3
Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...
Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App
Overview Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description CWE 798: Use of Hard-Coded...
CVE-2018-15389 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...
CVE-2018-15389
Cisco Prime Collaboration Provisioning (PCP) contains a vulnerability in its install function that allows an unauthenticated, remote attacker to reach the administrative web interface by using a default hard-coded username/password used during install. This can grant administrator-level access. M...
CVE-2018-15389 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...
Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742)
Summary IBMSecurity Key Lifecycle Manager contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Vulnerability Details CVEID: CVE-2018-1742...
Multiple vulnerabilities in Denbun
Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...
JVN#00344155: Multiple vulnerabilities in Denbun
Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...
Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...
CVE-2018-15753
An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...
Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability
Summary IBM Data Science Experience Local has addressed the following vulnerability. Password for Data Science Experience Local Hadoop Integration server certificate private key is hard-coded. Vulnerability Details CVEID: Not Applicable DESCRIPTION: No CVE description. CVSS Base Score: 7.5 CVSS...
CVE-2018-15753
The CVE-2018-15753 entry concerns MensaMax Android app (com.breustedt.mensamax) version 4.3. The issue is a hard-coded DES cryptographic key embedded in the app, which allows an attacker who decompiles the APK to decrypt transmitted data (e.g., login username and password). Public references note...
CVE-2018-15753
An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...
CVE-2018-8856
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...
CVE-2018-8856
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...
CVE-2018-8856
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...