Unspecified Vulnerability in Harman AMX
Harman AMX is a series of conversion controller products from Harman USA. A security vulnerability exists in the 'setUpSubtleUserAccount' function in the /bin/bw URI in versions of Harman AMX prior to 2016-01-20, which stems from the use of a hard-coded password for the 1MB@tMaN account. A remote...
Cisco Modular Encoding Platform D9036 Software Insecure Default Password Vulnerability
Cisco Modular Encoding Platform D9036 Software is application software from Cisco (USA), based on the D9036 modular encoding platform, for improving video quality. A security vulnerability exists in versions of Cisco Modular Encoding Platform D9036 Software prior to 02.04.70, which ste...
Unspecified vulnerability in Harman AMX (CNVD-2016-00786)
Harman AMX is a series of conversion controller products from Harman USA. A security vulnerability exists in the 'setUpSubtleUserAccount' function in the /bin/bw URI in versions of Harman AMX prior to 2015-10-12, which stems from the use of hard-coded passwords for BlackWidow accounts. A remote...
Lenovo ShareIT (eggplant fast pass) exposed to multiple vulnerabilities - vulnerability warning - the black bar safety net
Lenovo ShareIT (the eggplant fast pass service) has been shown to contain a hard-coded password, information leakage, unencrypted sensitive information, and an unauthorized access vulnerability. The bugs were submitted by security researcher Ivan Huertas of the Core Security Consulting team; this report is from the same team of...
Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit
What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's "12345678" as a Hard-Coded Password. Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone wh...
Lenovo SHAREit App Hard-Coded Password
Lenovo today has patched a number of vulnerabilities that jeopardize private data, which are largely enabled by a simple hard-coded password in a freely available file-sharing application. The flaws were found in the Lenovo ShareIT application for Android and Windows by researchers at Core...
Lenovo ShareIT Information Disclosure / Hardcoded Password
Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:...
Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2016-00441)
Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiOS has a FortimanagerAccess account that uses hard-coded passwords, allowing a remote attacker to gain administrator access via an SSH session with the help of this account...
Harman AMX multimedia devices contain hard-coded credentials
Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-8362 According to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded "backdoor" account with...
Advantech EKI Vulnerable to Bypass, Possible Backdoor
Researchers have uncovered yet another issue–and potential backdoor–in Advantech’s beleaguered EKI-1322 serial device server. The Dropbear SSH daemon associated with the server, because of heavy modifications, fails to enforce authentication. This makes it so any user who wants to bypass...
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor was found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious...
Pro-face GP-Pro EX HMI Vulnerabilities
OVERVIEW ZDI Zero Day Initiative has identified one information disclosure and two buffer overflow vulnerabilities, and independent researcher Jeremy Brown has identified hard-coded credentials in Pro-face’s GP-Pro EX HMI software. Pro-face has produced a module to mitigate these vulnerabilities...
SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials
Application: SAP Hybris E-commerce Suite Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3 Vendor URL: SAP Bugs: Default credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Author: Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: CWE-259 Use...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities
OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, that was published March 26, 2015, to the NCCIC/ICS-CERT web site. Gleb Gritsai, Ilya Karpov, and Kirill Nesterov o...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update
Updated packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...
Juniper Networks ScreenOS Authentication Bypass (CVE-2015-7755)
An authentication bypass vulnerability exists in Juniper Networks ScreenOS. The vulnerability is due to the presence of a default administrative account with a hard-coded password. A remote, unauthenticated attacker could exploit this vulnerability to gain administrative access to the target...
Adcon Telemetry A840 Telemetry Gateway Hardcoded Certificate Vulnerability
The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. The Adcon Telemetry A840 Telemetry Gateway uses hard-coded certificates, which allows remote attackers to exploit the vulnerability to change the device configuration and read or write...
Advantech EKI Vulnerable to Shellshock, Heartbleed
Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks. Most recently, independent security researcher Neil Smith found hard-coded...
PCD Hardcoded Password Vulnerability in Multiple Saia Burgess Controls Products
Saia Burgess Controls PCD Controller is a family of programmable controllers for measurement, regulation and control tasks from Saia Burgess Controls, Switzerland. A security vulnerability exists in a number of Saia Burgess Controls products and stems from the program's use of hard-coded...