CFME: Default salt value in miq-password.rb

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisories:Multiple Hard-coded Usernames CWE-798 have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...

Morpho Itemiser 3 Hard-Coded Credential

OVERVIEW Independent researchers Billy Rios and Terry McCorkle have identified hard-coded credentials in the Morpho Itemiser 3. Morpho has not produced a patch, update, or new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The followin...

PT-2014-16: Privilege Gaining in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. A hard coded encryption key could allow privilege escalation in the WinCC Project administration application if its network communication on port 1030/tcp of a legitimate user can be...

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...

Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness

The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded...

ZTE ZXV10 W300 Wireless Router Hard-coded Password

Nessus was able to login to the remote device using a known hard-coded password prepended with a portion of the device's MAC address obtained from an SNMP request for the admin account. Attackers can exploit this vulnerability to gain full control of the device. TRUSTED...

NETGEAR Hard-coded Telnet Unlock Credentials

The remote NETGEAR device has a hard-coded set of credentials that can be sent in a specially encoded packet in order to unlock the telnet service and allow remote logins as the root user. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72831; scriptversion"1.6";...

Synology DiskStation Manager VPN module hard-coded password vulnerability

Overview Synology DiskStation Manager VPN module contains a hard-coded password which cannot be changed. Description Synology DiskStation Manager 4.3-3810 update 1 and possibly earlier versions contain a VPN server module which contains a hard-coded password which cannot be changed. According to...

MOXA EDR-G903 Series Multiple Vulnerabilities

OVERVIEW This advisory provides mitigation details for vulnerabilities that impact Moxa EDR-G903 Series Routers. Independent researcher Neil Smith identified a hard-coded user account vulnerability and an insufficient entropy vulnerability in Moxa’s EDR-G903 series routers. By impersonating the...

360 Systems Image Server 2000 Series Remote Root Access

Overview This updated advisory is a follow-up to the original advisory titled ICSA-13-038-01—360 Systems Image Server 2000 Series Remote Root Access that was published March 06, 2013, on the ICS-CERT Web site. This advisory provides mitigation details for a vulnerability that impacts the 360...

Stem Innovation - IZON Hard-Coded Credentials

Stem Innovation - IZON Hard-Coded Credentials Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within it...

Stem Innovation - 'IZON' Hard-Coded Credentials

Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

Two Instagram Android App Security Vulnerabilities

Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...

PT-2013-91: Hard-Coded Access Credentials in Emerson DeltaV

The specialists of the Positive Research center have detected a Hard-Coded Access Credentials vulnerability in Emerson DeltaV. An attacker can connect to the application using Telnet and run commands or change settings. How to fix Update your sofware up to the latest version Advisory status...

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

[Binrev] Automate Reversing Windows Binaries for Pentesters

What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...

Sitecom N300N600 Devices - Multiple Vulnerabilities

Sitecom N300N600 Devices - Multiple Vulnerabilities Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013...

Sitecom Devices Hard-Coded Credentials (Telnet)

The remote Sitecom Device is using known hard-coded credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...