1118 matches found
CVE-2017-9649
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External...
Multiple Westermo devices hard-coded to use encryption key vulnerability
The Westermo MRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. A security vulnerability exists in multiple Westermo devices. An attacker could exploit the vulnerability to decode traffic from other sources...
Multiple Westermo Routers Hardcoded Password Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers are vulnerable to a hard-coded password vulnerability where the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...
CVE-2017-6054
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...
Hardcoded Credentials Vulnerability in Multiple Foscam Devices
Foscam is the world's leading provider of home security IP cameras. A security vulnerability exists in the use of the same hard-coded SSL private key for Foscam networked devices across different customer installations. A remote attacker could utilize another installation with knowledge of this k...
Schneider Modicon M221CE16R Hard-Coded Vulnerability
The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is vulnerable to a hard-coded vulnerability where XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...
CVE-2016-9353
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...
D-Link DGS-1100 Switch Local Hardcoded SSL Certificate Vulnerability
The D-Link DGS-1100 is an Ethernet switch from AUO D-Link. A security vulnerability exists in D-Link DGS-1100 devices using firmware version 1.01.018, which originates from a program using a hard-coded SSL private key. An attacker can exploit the vulnerability by hijacking an HTTPS session to...
SAP Download Manager Information Disclosure Vulnerability
SAP Download Manager is the German SAP SAP company developed a set of Java applications for downloading software packages and support comments. A security vulnerability exists in SAP Download Manager version 2.1.142 and prior versions, which arises from the program's use of a hard-coded encryptio...
Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability
SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. Since the admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...
SysAid Help Desk Hardcoded Key Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk has a built-in hard-coded vulnerability that could be exploited by a remote attacker to gain unauthorized access to the key...
Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness
The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded...
Two Instagram Android App Security Vulnerabilities
Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...
CVE-2008-2369
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements...
Satellite: information disclosure via manzier.pxt RPC script
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements...
TBDev torrent tacker script backdoor - FAKE
On connection with hard coded key with hash "0bffd3d87e7267c7fe686e20acbee7ab" all database tables are dropped...
CVE-2002-0706
CVE-2002-0706 affects SurfControl SuperScout WebFilter’s Web Reports Server, specifically the UserManager.js component. The root cause is the use of weak encryption for administrator functions, with a hard-coded key inside a JavaScript function, enabling decryption of the admin password. This all...