42 matches found
The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series allows a perpetrator to gain administrative access to the device.
The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series is related to the use of rigidly encoded credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain administrative...
The vulnerability of the Cisco Emergency Responder’s management and monitoring server, related to the use of rigidly encoded credentials, allows a attacker to execute arbitrary codes with root privileges.
The vulnerability of the Cisco Emergency Responder, a server for managing and monitoring emergency calls, lies in the use of rigidly encoded credentials. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands with root privileges...
The vulnerability of the command-line interface (CLI) of D-Link DAP-2622 wireless access point’s software allows a hacker to gain increased privileges.
The vulnerability of the command-line interface CLI of D-Link DAP-2622 wireless access point’s microprogramming software relates to the possibility of using rigidly encoded credentials. Exploiting this vulnerability allows a malicious actor to enhance their privileges by bypassing the...
CVE-2023-20891
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF...
Vulnerability of EVlink City parking charging station software. EVlink Parking and EVlink Smart Wallbox, which rely on rigidly encoded credentials, allow intruders to obtain unauthorized administrative privileges.
Vulnerability of EVlink City parking charging station software. EVlink Parking and EVlink Smart Wallbox utilize strict encoding for user data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized administrative privileges...
The vulnerability lies in the communication functions between the Omron NJ/NX automation controller, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA. This vulnerability allows a perpetrator to gain access to the controller.
The vulnerability of communication functions between Omron NJ/NX automation controllers, Omron Sysmac Studio automation software, and Omron NA programmable terminals is related to the use of rigidly encoded account data. Exploiting this vulnerability can allow a malicious actor to gain access to...
The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2021-3417
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...
Backdoor.Win32.Agent.aak Hardcoded Credentials
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...
Authentication flaw
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...
CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...
PT-2021-19235 · 1с · 1С:Предприятие +1
Name of the Vulnerable Software and Affected Versions: 1C:Enterprise 8 versions prior to 8.3.17.1851 Description: The issue concerns the Web server in 1C:Enterprise 8, which sends base64 encoded credentials in the creds URL parameter. Recommendations: For versions prior to 8.3.17.1851, update to...
1c Enterprise Encryption Problem Vulnerability
1c Enterprise is a platform for handling business automation in corporate environments from 1c Germany. The platform handles activities in accounting, finance, human resources and management. A cryptographic issue vulnerability exists in 1C:Enterprise 8 8.3.17.1851, which stems from the program...
h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge
H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...
Avaya IP Office 11 Insecure Transit / Password Disclosure Vulnerability
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability
Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
CVE-2019-5627
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...
CVE-2018-18767
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app e.g., change camera settings or play lullabies, it communicates directly with the Wi-Fi camera D-Link 825L firmware 1.08 with the credentials username and password in base64 cleartext...