3023 matches found
CVE-2024-10773
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...
CVE-2024-10773 SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for pass-the-hash attacks
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device...
CVE-2024-10773
The CVE-2024-10773 entry affects SICK InspectorP61x, InspectorP62x and TiM3xx devices. Root cause: pass-the-hash attacks enabled by hardcoded hidden-user credentials, allowing an attacker to log in as hidden levels and gain full device access. Affected versions are InspectorP61x and InspectorP62x...
PT-2024-16533 · Sick · Sick Tim3Xx +2
Name of the Vulnerable Software and Affected Versions: SICK InspectorP61x (affected versions not specified); SICK InspectorP62x (affected versions not specified); SICK TiM3xx (affected versions not specified). Description: The product is vulnerable to pass-the-hash attacks in...
Improper Authentication
Overview: cobbler is a network install server. Affected versions of this package are vulnerable to Improper Authentication due to the utils.get_shared_secret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password...
The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
PT-2024-8002 · Lb Link · Lb-Link Bl-Wr 1300H
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-WR 1300H version 1.0.4. Description: The issue is related to hardcoded credentials stored in the /etc/shadow file of the LB-LINK BL-WR 1300H router. These credentials are easily guessable, which could allow a remote attacker to gain...
CVE-2024-51431
The CVE-2024-51431 entry affects LB-LINK BL-WR 1300H v1.0.4, where hardcoded credentials are stored in /etc/shadow and are easily guessable. Public records (NVD and related feeds) consistently describe this as a credential exposure with high to critical impact potential (CVE details: high confide...
CVE-2024-28875
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation. The backdoor string can be...
VulnCheck KEV: CVE-2024-28987
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...
CVE-2024-28812
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service on the local management network interface with hardcoded credentials allows attackers to access the appliance operating system with highest privileges via an SSH connection...
CVE-2024-28809
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials...