3819 matches found

IBM Security Bulletins
added 2020/02/28 6:23 p.m. | 17 views

Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)

Summary: IBM Security Information Queue (ISIQ) stores the JSON web token (JWT) secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration. Vulnerability Details: CVEID: CVE-2020-4283 DESCRIPTION: IBM Security Information Queue (ISIQ)...

CVSS 8.6 | EPSS 0.01288
Exploits: 0 | Affected Software: 1

CNVD
added 2020/02/27 12:0 a.m. | 3 views

IBM Security Identity Manager Trust Management Issues Vulnerability

IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...

CVSS 9.8 | AI score 6.8 | EPSS 0.0128
Exploits: 0 | References: 1

NVD
added 2020/02/25 4:15 p.m. | 41 views

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 7.1 | AI score 6.7 | EPSS 0.00337
Exploits: 1 | References: 1

OSV
added 2020/02/25 4:15 p.m. | 3 views

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 7.1 | AI score 6.7 | EPSS 0.00337
Exploits: 1 | References: 1

Prion
added 2020/02/25 4:15 p.m. | 17 views

Hardcoded credentials

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 3.6 | AI score 7 | EPSS 0.00337
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/02/25 3:58 p.m. | 65 views

CVE-2019-5139

CVE-2019-5139 affects Moxa AWK-3131A (firmware 1.13). A hard-coded credential (moxaiwroot) is used in multiple iw_* utilities, enabling creation of custom diagnostic scripts via the device’s diagnostic path. Root cause: undocumented encryption/password usage within iw_* components. Impact: local ...

CVSS 7.1 | AI score 6.9 | EPSS 0.00337
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/02/25 3:58 p.m. | 44 views

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 6.2 | AI score 7 | EPSS 0.00337
Exploits: 1 | References: 1

ICS
added 2020/02/25 12:0 a.m. | 69 views

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

CVSS 10 | AI score 8.7 | EPSS 0.0272
Exploits: 0 | References: 5

Talos Blog
added 2020/02/24 7:4 a.m. | 66 views

Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A

Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK-3131A is a wirele...

CVSS 9 | AI score 1.4 | EPSS 0.06892
Exploits: 14

Talos
added 2020/02/24 12:0 a.m. | 50 views

Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability

Summary: An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions: Moxa...

CVSS 7.1 | AI score 6.7 | EPSS 0.00337
Exploits: 1

ThreatPost
added 2020/02/20 5:29 p.m. | 89 views

Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet. Cisco Smart Software...

CVSS 8.8 | AI score 0.8 | EPSS 0.0552
Exploits: 1 | References: 11

ICS
added 2020/02/20 12:0 a.m. | 191 views

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Auto-Maskin Equipment: RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro Android App Vulnerabilities: Cleartext Transmission of Sensitive Information, Origin Validation Error,...

CVSS 10 | AI score 8.7 | EPSS 0.02095
Exploits: 0 | References: 5

OSV
added 2020/02/14 10:15 p.m. | 3 views

CVE-2019-4392

HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 1

NVD
added 2020/02/14 10:15 p.m. | 24 views

CVE-2019-4392

HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...

CVSS 10 | AI score 9.4 | EPSS 0.01387
Exploits: 0 | References: 1

Prion
added 2020/02/14 10:15 p.m. | 15 views

Hardcoded credentials

HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...

CVSS 10 | AI score 9.3 | EPSS 0.01387
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/02/14 9:10 p.m. | 16 views

CVE-2019-4392

HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...

AI score 9.4 | EPSS 0.01387
Exploits: 0 | References: 1

OSV
added 2020/02/04 5:15 p.m. | 2 views

CVE-2019-4675

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511...

CVSS 9.8 | AI score 6.8 | EPSS 0.0128
Exploits: 0 | References: 2

NVD
added 2020/02/04 5:15 p.m. | 19 views

CVE-2019-4675

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511...

CVSS 9.8 | AI score 7.2 | EPSS 0.0128
Exploits: 0 | References: 2

CVE
added 2020/02/04 4:45 p.m. | 37 views

CVE-2019-4675

CVE-2019-4675 affects IBM Security Identity Manager 7.0.1, where the component contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. The root cause is the presence of embedded credentials in ISIM ver...

CVSS 9.8 | AI score 9 | EPSS 0.0128
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/02/04 4:45 p.m. | 19 views

CVE-2019-4675

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511...

CVSS 6.8 | AI score 9 | EPSS 0.0128
Exploits: 0 | References: 2