5827 matches found

Prion
added 2020/03/12 2:15 p.m. | 24 views

Hardcoded credentials

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

CVSS 5 | AI score 7.6 | EPSS 0.00376
Exploits 3 | References 4 | Affected Software 6

Cvelist
added 2020/03/12 1:25 p.m. | 23 views

CVE-2020-9435

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate and ke...

AI score 7.7 | EPSS 0.00376
Exploits 3 | References 4

CVE
added 2020/03/12 1:25 p.m. | 51 views

CVE-2020-9435

CVE-2020-9435 affects Phoenix Contact TC Router/TC Cloud Client: devices listed (e.g., 3002T-4G, 2002T-3G, and variants) ship a hardcoded certificate and key used by default for web services. Root cause is the static certificate, enabling impersonation, MITM, or passive decryption if not replaced...

CVSS 7.5 | AI score 7.6 | EPSS 0.00376
Exploits 3 | References 4 | Affected Software 1

OSV
added 2020/03/10 3:15 p.m. | 2 views

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 3

NVD
added 2020/03/10 3:15 p.m. | 10 views

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVSS 7.5 | AI score 7.6 | EPSS 0.00346
Exploits 0 | References 3

Prion
added 2020/03/10 3:15 p.m. | 13 views

Authentication flaw

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

CVSS 4.3 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 3 | Affected Software 20

Cvelist
added 2020/03/10 2:47 p.m. | 16 views

CVE-2019-10705

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...

AI score 7.6 | EPSS 0.00346
Exploits 0 | References 3

CVE
added 2020/03/10 2:47 p.m. | 46 views

CVE-2019-10705

CVE-2019-10705 affects Western Digital SanDisk X600 SATA SSDs. The vulnerability is in the drive’s access control mechanism, potentially allowing data to be decrypted without authentication. Public materials identify this as part of a set of SED flaws (with CVEs including 2018-12037/12038 and 201...

CVSS 7.5 | AI score 5.5 | EPSS 0.00346
Exploits 0 | References 3 | Affected Software 1

Wired Threat Level
added 2020/02/27 3:0 p.m. | 26 views

A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data

Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers...

AI score 4.7
Exploits 0

ThreatPost
added 2020/02/27 4:7 a.m. | 158 views

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...

CVSS 2.9 | AI score 6.3 | EPSS 0.08412
Exploits 7 | References 6

The Hacker News
added 2020/02/26 6:15 p.m. | 331 views

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and track...

CVSS 3.1 | AI score 5.9 | EPSS 0.08412
Exploits 7

The Hacker News
added 2020/02/26 2:48 p.m. | 3 views

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

AI score 5.9
Exploits 0

OSV
added 2020/02/25 4:15 p.m. | 1 views

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

CVSS 7.5 | AI score 7.1 | EPSS 0.0048
Exploits 1 | References 1

NVD
added 2020/02/25 4:15 p.m. | 15 views

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

CVSS 7.5 | AI score 7.7 | EPSS 0.0048
Exploits 1 | References 1

Prion
added 2020/02/25 4:15 p.m. | 19 views

Hardcoded credentials

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

CVSS 5 | AI score 7.6 | EPSS 0.0048
Exploits 1 | References 1 | Affected Software 1

CVE
added 2020/02/25 3:38 p.m. | 79 views

CVE-2019-5137

The Moxa AWK-3131A Series (firmware 1.13) ServiceAgent uses a hard-coded cryptographic key, enabling decryption of network traffic to/from the device. CVE-2019-5137 (CVSSv3 7.5) details the root cause and impact (confidentiality HIGH). A vendor patch is available; apply the security update from M...

CVSS 7.5 | AI score 7.5 | EPSS 0.0048
Exploits 1 | References 1 | Affected Software 1

OSV
added 2020/02/25 2:15 p.m. | 3 views

CVE-2019-4557

IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206...

CVSS 7.5 | AI score 6.5 | EPSS 0.00134
Exploits 0 | References 2

NVD
added 2020/02/25 2:15 p.m. | 11 views

CVE-2019-4557

IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206...

CVSS 7.5 | AI score 6.1 | EPSS 0.00134
Exploits 0 | References 2

CVE
added 2020/02/25 1:55 p.m. | 45 views

CVE-2019-4557

IBM QRadar Advisor With Watson App for IBM QRadar SIEM (versions 1.1–2.5) is affected by CVE-2019-4557 due to the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information stored in the app. The IBM security bulletin (A4C6...): rem...

CVSS 7.5 | AI score 7.2 | EPSS 0.00134
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2020/02/25 12:0 a.m. | 33 views

Cisco Web Security Appliance Decryption Policy Bypass Vulnerability (cisco-sa-20190206-wsa-bypass)

According to its self-reported version, Cisco Web Security Appliance WSA is affected by a decryption policy bypass vulnerability. An unauthenticated, remote attacker can bypass a configured drop policy and allow unauthorized traffic onto the network. Please see the included Cisco BIDs and Cisco...

CVSS 5.8 | AI score 6 | EPSS 0.00175
Exploits 0 | References 3