8070 matches found

CNNVD
added 2021/11/10 12:0 a.m. · 4 views

Airangel Hsmx Gateway Trust Management Issue Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK, Inc. A hard-coded credential vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from the use of PostgreSQL database credentials hard-coded in the configuration file. An attacker could steal this credential t...

CVSS 10 · AI score 5.6 · EPSS 0.01105
Exploits: 1 · References: 3

NVD
added 2021/11/09 11:15 p.m. · 14 views

CVE-2021-43575

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...

CVSS 5.5 · EPSS 0.00313
Exploits: 1 · References: 1

OSV
added 2021/11/09 11:15 p.m. · 2 views

CVE-2021-43575

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...

CVSS 5.5 · AI score 5.8 · EPSS 0.00313
Exploits: 1 · References: 1

CVE
added 2021/11/09 10:45 p.m. · 46 views

CVE-2021-43575

CVE-2021-43575 affects KNX ETS6 up to version 6.0.0, where a hard-coded password (ETS5Password) and a salt (Ivan Medvedev) enable local users to read project information. This mirrors CVE-2021-36799 for ETS5, and Red Hat entries confirm the vulnerability details and vendor dispute over cryptograp...

CVSS 5.5 · AI score 6.8 · EPSS 0.00313
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/11/09 10:45 p.m. · 25 views

CVE-2021-43575

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic...

AI score 6.5 · EPSS 0.00313
Exploits: 1 · References: 1

CNNVD
added 2021/11/09 12:0 a.m. · 3 views

Ets5 Password Recovery Trust Management Issue Vulnerability

Ets5 Password Recovery is an open source PoC for CVE-2021-36799 by individual developer Robert Gutzkow. Ets5 Password Recovery suffers from a trust management issue vulnerability that stems from the software's use of the hard-coded password ETS5Password with a salt value of Ivan Medvedev, which...

CVSS 8.8 · AI score 6.7 · EPSS 0.00418
Exploits: 1 · References: 2

Positive Technologies
added 2021/11/09 12:0 a.m. · 3 views

PT-2021-23880 · Knx Ets · Knx Ets

Name of the Vulnerable Software and Affected Versions: KNX ETS versions 6.0.0 and earlier Description: The issue allows local users to read project information due to the use of a hard-coded password ETS5Password with a salt value of Ivan Medvedev. This is similar to a previously identified issue...

CVSS 5.5 · AI score 6.7 · EPSS 0.00313
Exploits: 1 · References: 5

CNNVD
added 2021/11/09 12:0 a.m. · 7 views

FORT-validator Security Vulnerability

FORT-validator is an RPKI validator and RTR server that is part of the FORT project. FORT-validator has a security vulnerability that stems from the lack of an effective trust management mechanism in a networked system or product. An attacker can exploit default or hard-coded passwords, hard-code...

CVSS 7.5 · AI score 7.2 · EPSS 0.01095
Exploits: 0 · References: 6

CNNVD
added 2021/11/08 12:0 a.m. · 3 views

LPAR2RRD Security Vulnerability

Xorux LPAR2RRD is a server monitoring tool from the Czech company Xorux. A security vulnerability exists in lpar2rrd, which stems from the fact that lpar2rrd is a hard-coded system account in XoruX lpar2rrd and STOR2RRD before 7.30...

CVSS 9.8 · AI score 8.3 · EPSS 0.01508
Exploits: 0 · References: 4

VulnCheck KEV
added 2021/11/03 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2020-29583

Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...

CVSS 10 · AI score 7.5 · EPSS 0.90049
Exploits: 2 · References: 1

CISA KEV Catalog
added 2021/11/03 12:0 a.m. · 14 views

EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

CVSS 9.8 · AI score 8.9 · EPSS 0.91874
In wild · Exploits: 4

CISA KEV Catalog
added 2021/11/03 12:0 a.m. · 25 views

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...

CVSS 10 · AI score 8.9 · EPSS 0.90049
In wild · Exploits: 2

VulnCheck KEV
added 2021/11/03 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2020-8657

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

CVSS 9.8 · AI score 7.3 · EPSS 0.91874
Exploits: 4 · References: 1

ICS
added 2021/10/28 12:0 a.m. · 40 views

Sensormatic Electronics victor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: victor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

CVSS 9.8 · AI score 9.4 · EPSS 0.28953
Exploits: 1 · References: 5

Zero Day Initiative
added 2021/10/27 12:0 a.m. · 15 views

(0Day) Vinchin Backup and Recovery Use of Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of API access keys. The issue results from the use of a hard-cod...

CVSS 9.8 · AI score 1.9
Exploits: 0

AlpineLinux
added 2021/10/25 10:5 p.m. · 33 views

CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...

CVSS 7.5 · AI score 7.5 · EPSS 0.0244
Exploits: 3

OSV
added 2021/10/22 12:15 p.m. · 3 views

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVSS 8.2 · AI score 7.2 · EPSS 0.00515
Exploits: 0 · References: 1

NVD
added 2021/10/22 12:15 p.m. · 15 views

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVSS 8.2 · EPSS 0.00515
Exploits: 0 · References: 1

Prion
added 2021/10/22 12:15 p.m. · 21 views

Hardcoded credentials

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVSS 6.4 · AI score 8.7 · EPSS 0.00515
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2021/10/22 12:0 a.m. · 3 views

PT-2021-22135 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be provided. Description: The issue concerns the use of a hard-coded blowfish key in encryption and decryption processes. This key can be easily extracted from binaries,...

CVSS 8.2 · AI score 8.1 · EPSS 0.00515
Exploits: 0 · References: 3