Hardcoded credentials

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...

Hardcoded credentials

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location...

Hardcoded credentials

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostictoolscontroller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authenticati...

Hardcoded credentials

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

CVE-2018-17500

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information...

Hardcoded credentials

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information...

Hardcoded credentials

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

GPON Router Hardcoded Credentials Vulnerability

GPON Gigabit-Capable PON technology is the latest generation of broadband passive optical integrated access standard based on the ITU-TG.984.x standard. Gigabit-Capable PON GPON technology is the latest generation of broadband passive optical integrated access standard based on ITU-TG.984.x...

Hardcoded credentials

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM...

Hardcoded credentials

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

Hardcoded credentials

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Oracle MAF store bypass, a how-to

On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker...

Hardcoded credentials

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

Hardcoded credentials

LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...

Hardcoded credentials

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...

IDenticard PremiSys Hardcoded Backdoor Account (CVE-2019-3906)

Hardcoded Backdoor Account exist in the IDenticard PremiSys . The vulnerability is due to service contains hardcoded credentials. Successful exploitation can allow admin access to the service via the Premisys WCF Service endpoint...

Hardcoded credentials

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...

LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains...

Hardcoded credentials

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850...

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...