Sonatype Nexus Repository Manager Weak Password Vulnerability

Sonatype Nexus Repository Manager is a maven repository manager. A security vulnerability exists in the LDAP integration feature in Sonatype Nexus Repository Manager 2.14.5 and earlier versions, which stems from the program's use of hard-coded CMMDwoV values to encrypt passwords. An attacker coul...

Ichano AtHome IP Cameras - Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute....

Ichano AtHome IP Cameras - Multiple Vulnerabilities

Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...

CVE-2017-17107

CVE-2017-17107 affects Zivif PR115-204-P-RS Webcams (version 2.3.4.2103). The root user password is hard-coded as cat1029, and the SONIX OS setup makes it unchangeable, enabling root access via TELNET. This CVE is part of a set (CVE-2017-17105, -17106, -17107) describing authentication bypass, co...

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

Weak Implementation Of Password Cipher

nexus-ldap-common contains a weak implementation of password cipher. It stores the LDAP bind password using the PBE Key Spec with only 23 iterations and a hard-coded password. This allows the cipher to be easily defeated...

Zivif Web Cameras Multiple Vulnerabilities

Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request CVE-2017-17106 http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this...

Unspecified Vulnerability in Dell Storage Manager

Dell Storage Manager is an application for managing and monitoring multiple Storage Center, PS Series portfolio FluidFS from Dell USA. A security vulnerability exists in Dell Storage Manager versions prior to 16.3.20 aka 2016 R3.20 that stems from the program's use of a hard-coded password to...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

Hardcoded credentials

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-14374

Dell Storage Manager before 16.3.20 (2016 R3.20) stores a hard-coded password for the SMI-S service. A remote attacker who knows the credential could disable the SMI-S service via HTTP requests, impacting storage management and monitoring through the SMI-S interface. Affected platform is Windows ...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-2720

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...

CVE-2017-2720

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...

Kaspersky: Hard Coded username and password in registry

I was using a tool called RegShot to take a snap shot of the registry before and after installation in order to see what changes were being made in the registry and I discovered hard-coded credentials I have attached the full comparison details of the registry changes but these are the lines and...

D-Link DGS-1500 Ax Device Hardcoded Password Vulnerability

The D-Link DGS-1500 Ax devices is a switch device from AUO. The D-Link DGS-1500 Ax devices use hard-coded passwords that allow remote attackers to exploit vulnerabilities by submitting specially crafted requests for unauthorized access to the devices...

CVE-2017-14021

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,...

Hardcoded credentials

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,...

CVE-2017-14027

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and...