CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...
Design/Logic Flaw
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Recent assessments: sfewer-r7 at March 14, 2023 2:49pm UTC reported: On March 7, 2023, Veeam...
Veeam Backup & Replication Access Control Error Vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication, which stems from allowing access to encrypted credentials stored in the configuration database, which can be exploited by an attacker to gain access to th...
CVE-2023-27532
CVE-2023-27532 affects Veeam Backup & Replication, specifically the Cloud Connect component. The vulnerability allows an unauthenticated actor inside the backup network perimeter to obtain encrypted credentials stored in the configuration database, potentially leading to access to backup infrastr...
PT-2023-1918
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions 11.0.1.1261 through 12.0.0.1420. Description: A flaw exists in the Veeam Backup & Replication software that allows an unauthenticated user with network access to obtain encrypted credentials stored in the...
CVE-2023-27532
Article Applicability: This article documents a vulnerability discovered in a core service of Veeam Backup & Replication and Veeam Cloud Connect. This vulnerability does not affect other Veeam products, e.g., Veeam Backup for Microsoft 365, Veeam Agent for Microsoft Windows, Veeam ONE, Veeam Servi...
Input validation
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted...
A vulnerability in the Telnet service of the TOTOLINK N200RE V5 router’s firmware allows an intruder to gain unauthorized access to protected information.
The vulnerability in the Telnet service of the TOTOLINK N200RE V5 router firmware lies in the use of hard-coded login credentials, with the SESSIONID file stored in a cookie. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected...
A vulnerability in D-Link DAP-2020 and DAP-1360 wireless access points, due to the use of hard-coded login credentials, allows attackers to circumvent security restrictions.
The vulnerability in D-Link DAP-2020 and DAP-1360 wireless access points lies in the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
CVE-2023-24022
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...
A vulnerability in the Client component of the TP-Link Archer AX10 firmware allows an attacker to execute a brute-force attack and gain unauthorized access to protected information.
The vulnerability in the Client component of the TP-Link Archer AX10 firmware lies in the use of hard-coded login credentials. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack and gain unauthorized access to protected information...
CVE-2022-45423
Some Dahua software products have a vulnerability that allows unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface; the credentials cannot be directly exploited...
Design/Logic Flaw
Some Dahua software products have a vulnerability that allows unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface; the credentials cannot be directly exploited...
CVE-2022-45423
Some Dahua software products have a vulnerability that allows unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface; the credentials cannot be directly exploited...
PT-2022-27506 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products (affected versions not specified). Description: The issue concerns a vulnerability that allows an attacker to obtain encrypted MQTT credentials through an unauthenticated request by sending a crafted packet to the...
Dahua software products Access Control Error Vulnerability
Dahua software products are a family of applications from the Chinese company Dahua. A security vulnerability exists in several Dahua software products that stems from their unauthenticated MQTT credential requests that allow an attacker to obtain encrypted MQTT credentials which cannot be direct...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Express (CVE-2013-5443, CVE-2013-5445, CVE-2013-5444, CVE-2013-2407, CVE-2013-2450, CVE-2013-0169, CVE-2013-1478, CVE-2013-1480)
Summary: A number of security vulnerabilities in IBM Cognos Express have been identified and addressed in a software update. Vulnerability Details: CVE ID: CVE-2013-5443. DESCRIPTION: A Cross Site Request Forgery (CSRF) vulnerability in IBM Cognos Express allows an attacker that is able to trick an...
A vulnerability in the Iota All-In-One Security Kit’s Telnet server allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Iota All-In-One Security Kit’s Telnet server lies in the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information through TCP port 55023...
A vulnerability in the command-line interface (CLI) of FortiOS operating systems allows an attacker to gain unauthorized access to protected information.
The vulnerability in the command-line interface (CLI) of FortiOS operating systems is related to the use of hard-coded credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...