8070 matches found
Airangel Hsmx Gateway 信任管理问题漏洞
Airangel Hsmx Gateway is a platform from Airangel UK, Inc. A hard-coded credential vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from the use of PostgreSQL database credentials hard-coded in the configuration file. An attacker could steal this credential t...
CVE-2021-43575
KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...
CVE-2021-43575
KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...
CVE-2021-43575
CVE-2021-43575 affects KNX ETS6 up to version 6.0.0, where a hard-coded password (ETS5Password) and a salt (Ivan Medvedev) enable local users to read project information. This mirrors CVE-2021-36799 for ETS5, and Red Hat entries confirm the vulnerability details and vendor dispute over cryptograp...
CVE-2021-43575
KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...
Ets5 Password Recovery 信任管理问题漏洞
Ets5 Password Recovery is an open source Poc for CVE-2021-36799 by Robert Gutzkow Individual Developer. Ets5 Password Recovery suffers from a trust management issue vulnerability that stems from the software's use of the hard-coded password ETS5Password with a salt value of Ivan Medvedev, which...
PT-2021-23880 · Knx Ets · Knx Ets
Name of the Vulnerable Software and Affected Versions: KNX ETS versions 6.0.0 and earlier Description: The issue allows local users to read project information due to the use of a hard-coded password ETS5Password with a salt value of Ivan Medvedev. This is similar to a previously identified issue...
FORT-validator 安全漏洞
FORT-validator is an RPKI validator and RTR server that is part of the FORT project. FORT-validator has a security vulnerability that stems from the lack of an effective trust management mechanism in a networked system or product. An attacker can exploit default or hard-coded passwords, hard-code...
LPAR2RRD 安全漏洞
Xorux LPAR2RRD is a server monitoring tool from the Czech company Xorux. A security vulnerability exists in lpar2rrd, which stems from the fact that lpar2rrd is a hard-coded system account in XoruX lpar2rrd and STOR2RRD before 7.30...
VulnCheck KEV: CVE-2020-29583
Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...
VulnCheck KEV: CVE-2020-8657
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...
Sensormatic Electronics victor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: victor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
(0Day) Vinchin Backup and Recovery Use of Hard-coded Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of API access keys. The issue results from the use of a hard-cod...
CVE-2021-41105
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...
CVE-2021-38461
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...
CVE-2021-38461
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...
Hardcoded credentials
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...
PT-2021-22135 · Auvesy · Versiondog
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be provided. Description: The issue concerns the use of a hard-coded blowfish key in encryption and decryption processes. This key can be easily extracted from binaries,...