CVE-2017-5243
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...
CVE-2016-5333
VMware Photon OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
DDN SFA Default SSH Keys
DDN Default SSH Keys DDN SFA devices have default SSH keys in place Product: DDN SFA storage devices, all versions, all models Severity: High CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002 Type: Default Credentials Author: John Fitzpatrick Date: 2016-06-15 Description DDN controllers shi...
Code injection
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294...
Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems
Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on ADSL Modems Date: 10.11.2015 Exploit Author: Murat Sahin @murtshn Vendor Homepage: Huawei Version: HG630a and HG630a-50 Tested on: Linux, Windows. ADSL modems force you to change the admin web interface password. Even though you c...
A large number of Cisco security devices found to contain a default SSH key - vulnerability warning - the black bar safety net
Cisco revealed that a large number of Cisco security devices were found to contain a default SSH key; an attacker can use this vulnerability to control the device. Scope of impact: Cisco's security experts found that many Cisco security devices contain a default SS...
On the Cisco Default SSH Keys, OPM Hack, the Adobe Zero Day, and More
Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones. Download: digitalunderground208.mp3 Music by Chris Gonsalves...
Authentication flaw
The remote-support feature on Cisco Web Security Virtual Appliance WSAv, Email Security Virtual Appliance ESAv, and Security Management Virtual Appliance SMAv devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier f...
Cisco Unified Communications Domain Manager multiple security vulnerabilities
Default ssh-key, privilege escalation, SSRF...
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
Cisco Unified Communications Domain Manager Cisco Unified CDM is affected by the following vulnerabilities: Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability Cisco Unified Communications Domain Manager Default SSH Key Vulnerability Cisco Unified Communications Domain...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.or...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.o...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...
Apple iPhone iOS Default SSH Password Exploit (.py)
This exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed. #!/usr/bin/python This software opens a simple shell where you can type commands to send and works without Metasploit Exploit Title: Apple iPhon...
Apple iOS Default SSH Password Vulnerability
This module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit...