8072 matches found
Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
hard-coded slippage may freeze user funds during market turbulence (resubmit to downgrade severity)
Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...
hard-coded slippage may freeze user funds during market turbulence
Lines of code Vulnerability details Impact GeneralVault.solL125 GeneralVault set a hardcoded slippage control of 99%. However, the underlying yield tokens price may go down. If Luna/UST things happen again, users' funds may get locked. LidoVault.solL130-L137 Moreover, the withdrawal of the...
Use of Hard-coded Cryptographic Key in Apache Tomcat
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
Hardcoded credentials
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
SonicWall SMA1000 series 信任管理问题漏洞
The SonicWall SMA1000 series is a family of secure mobile access solutions from SonicWall USA, Inc. simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. A security vulnerability exists in SonicWall SMA1000 series firmware version...
CVE-2022-27172
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-27172
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-27172
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-27172
CVE-2022-27172 affects InHand Networks InRouter302 (V3.5.37). Talos and CNVD/CVE records confirm a hard-coded password vulnerability in the console infactory functionality that enables privileged operation execution when a crafted network sequence is sent. The vulnerability is demonstrated by a p...
PT-2022-2958 · Sonicwall · Sonicwall Sma1000
Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier Description: The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor
Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...
CVE-2022-30234
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
InHand Networks InRouter302 信任管理问题漏洞
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains a hard-coded credential vulnerability that could be exploited by an attacker to send specially crafted network requests that could lead to the execution of...
InHand Networks InRouter302 console infactory hard-coded password vulnerability
Summary A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...
Automation 360 信任管理问题漏洞
Automation 360 is a cloud-native end-to-end intelligent automation platform. A security vulnerability exists in Automation 360 version 22 that stems from a hard-coded encryption key that can decrypt exported RPA packages...
Apache Doris Information Disclosure Vulnerability
Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...
Bender ebee 充电控制器 信任管理问题漏洞
The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from the susceptibility to hard-coded credentials. An attacker may be able to use a password to gain administrative access to the Web UI. The following products and version...