
8069 matches found

Huntr
added 2021/09/02 11:49 a.m. · 18 views

in leantime/leantime

✍️ Description: In the source code of the application, the Secret Hash value and the initialization vector are hard-coded. 🕵️‍♂️ Proof of Concept: In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

AI score: 0.6
Exploits: 0
CNVD
added 2021/09/02 12:0 a.m. · 14 views

MIK.starlight has unspecified vulnerabilities

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.00319
Exploits: 0 · References: 1
OSV
added 2021/08/31 6:15 p.m. · 4 views

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

CVSS: 5.5 · AI score: 6.1 · EPSS: 0.00319
Exploits: 0 · References: 2
CVE
added 2021/08/31 5:45 p.m. · 43 views

CVE-2021-36234

CVE-2021-36234 affects the MIK.starlight 7.9.5.24363 release. The root cause is a hard-coded cryptographic key, which could allow local attackers to decrypt credentials via unspecified vectors. The impact described across sources indicates a confidential data exposure risk (credentials decrypted...

CVSS: 5.5 · AI score: 5.3 · EPSS: 0.00319
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/08/31 5:45 p.m. · 13 views

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

AI score: 5.6 · EPSS: 0.00319
Exploits: 0 · References: 2
OSV
added 2021/08/31 11:15 a.m. · 2 views

CVE-2021-34565

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

CVSS: 9.8 · AI score: 6.4 · EPSS: 0.0103
Exploits: 0 · References: 1
NVD
added 2021/08/31 11:15 a.m. · 12 views

CVE-2021-34565

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

CVSS: 9.8 · EPSS: 0.0103
Exploits: 0 · References: 1
Cvelist
added 2021/08/31 10:33 a.m. · 21 views

CVE-2021-34565 In WirelessHART-Gateway versions 3.0.7 to 3.0.9 hard-coded credentials have been found

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.0103
Exploits: 0 · References: 1
CVE
added 2021/08/31 10:33 a.m. · 51 views

CVE-2021-34565

The CVE-2021-34565 vulnerability affects Pepperl+Fuchs WirelessHART-Gateway versions 3.0.7–3.0.9, where SSH and Telnet services run with hard-coded credentials. This is reported with high impact: remote access to the gateway could be obtained (CVSS v3.1 base score 9.8). Public advisories (ICS/CIS...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.0103
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2021/08/31 12:0 a.m. · 15 views

IBM Sterling Secure Proxy Hardcoded Credentials Vulnerability

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a hard-coded credential vulnerability. An attacker could use thi...

CVSS: 4.9 · AI score: 3.4 · EPSS: 0.0099
Exploits: 0 · References: 1
CNNVD
added 2021/08/31 12:0 a.m. · 6 views

MIK.starlight Trust Management Issue Vulnerability

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.00319
Exploits: 0 · References: 1
CNNVD
added 2021/08/31 12:0 a.m. · 5 views

Pepperl Fuchs WirelessHART-Gateway Trust Management Issue Vulnerability

The Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A trust management issue vulnerability exists in Pepperl Fuchs WirelessHART-Gateway versions 3.0.7 through 3.0.9, which arises when SSH and telnet services are active using hard-coded credentials...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.0103
Exploits: 0 · References: 4
Positive Technologies
added 2021/08/31 12:0 a.m. · 4 views

PT-2021-20550 · Pepperl+Fuchs · Wirelesshart Gateway

Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.7 through 3.0.9 Description: The issue concerns hard-coded credentials in the SSH and telnet services of the affected device. Recommendations: For versions 3.0.7 through 3.0.9, consider disablin...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.0103
Exploits: 0 · References: 3
OSV
added 2021/08/30 5:15 p.m. · 5 views

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVSS: 4.9 · AI score: 5.5 · EPSS: 0.0099
Exploits: 0 · References: 3
NVD
added 2021/08/30 5:15 p.m. · 8 views

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVSS: 4.9 · EPSS: 0.0099
Exploits: 0 · References: 3
Cvelist
added 2021/08/30 5:0 p.m. · 10 views

CVE-2021-29728

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...

CVSS: 4.9 · AI score: 5.3 · EPSS: 0.0099
Exploits: 0 · References: 3
CVE
added 2021/08/30 5:0 p.m. · 47 views

CVE-2021-29728

CVE-2021-29728 affects IBM Sterling Secure Proxy/Sterling Proxy components. The connected documents confirm hard-coded credentials (passwords or keys) used for inbound authentication, outbound communication, or internal data encryption in versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2. Implications ...

CVSS: 4.9 · AI score: 5.8 · EPSS: 0.0099
Exploits: 0 · References: 3 · Affected Software: 2
Positive Technologies
added 2021/08/30 12:0 a.m. · 2 views

PT-2021-18435 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 2.4.3.2, 3.4.3.2, 6.0.1, 6.0.2 Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used for inbound authentication, outbound communication to external components,...

CVSS: 4.9 · AI score: 5 · EPSS: 0.0099
Exploits: 0 · References: 4
CNNVD
added 2021/08/30 12:0 a.m. · 5 views

IBM Sterling Secure Proxy Trust Management Issue Vulnerability

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a hard-coded credential vulnerability. An attacker could use thi...

CVSS: 4.9 · AI score: 5.5 · EPSS: 0.0099
Exploits: 0 · References: 5
IBM Security Bulletins
added 2021/08/27 7:56 p.m. · 19 views

Security Bulletin: Multiple Vulnerabilities Affect IBM Secure External Authentication Server

Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29722 DESCRIPTION: IBM Sterling Secure Proxy uses weaker than expected cryptographic algorith...

CVSS: 7.5 · AI score: 0.9 · EPSS: 0.0099
Exploits: 0 · Affected Software: 1