Hardcoded credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

D-Link DIR-850L Backdoor Account / Hardcoded Credentials (Telnet)

The D-Link DIR-850L router has a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

StaCoAn - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding...

Hardcoded credentials

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where D...

Hardcoded credentials

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials...

CVE-2018-7229

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials...

CVE-2018-7229

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials...

CVE-2018-7229

The CVE-2018-7229 entry affects Schneider Electric’s Pelco Sarix Professional video surveillance devices. All firmware versions prior to 3.29.67 are vulnerable to an unauthenticated, remote attacker who can bypass authentication and obtain administrator privileges due to the use of hardcoded cred...

CVE-2018-7229

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials...

Hardcoded credentials

Softing FG-100 PB PROFIBUS firmware version FG-x00-PBV2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session...

Hardcoded credentials

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...

Hardcoded credentials

backupmgt/preconnectcheck.php in Seagate BlackArmor NAS contains a hard-coded password of '!@$$%FREDESWWSED' for a backdoor user...

Hardcoded credentials

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...

Hardcoded credentials

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...

Hardcoded credentials

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that i...

CVE-2017-12724

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured ...

Open Source Static Code Analyser: StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL’s of API’s Decryption keys Major coding...

Vobot Clock root privileges hardcoded SSH credentials vulnerability

The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. VOBOT CLOCK Versions prior to 0.99.30 are vulnerable to a root privilege hardcoded SSH credentials vulnerability.The SSH server has hardcoded vobot user accounts and passwords with...

Hardcoded credentials

VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...

Hardcoded credentials

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...