CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...

Easergy Builder Hardcoded Encryption Key Plaintext Storage Vulnerability

Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and prior versions. An attacker could exploit the...

TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Vulnerability

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config...

CVE-2020-12110

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

CVE-2020-12110

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

CVE-2020-12110

TP-Link NCXXX Cloud Cameras (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are affected by a hardcoded encryption key used to encrypt/decrypt config backups. The issue arises in swSystemBackup/swSystemRestoreFile using DES-ECB with modified s-boxes/permutation tables, enabling potential compro...

TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key

Vulnerability title: TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key Author: Pietro Oliva CVE: CVE-2020-12110 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected version: NC200 = 2.1.9 build 200225, NC210 = 1.0.9 build 200304, NC220 = 1.3.0 build 200304, NC230 =...

Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...

CVE-2019-10920

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...

CVE-2019-10920

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...

Schneider Electric Trio J-Series License Free Ethernet Radio 3.6.0 <= 3.6.3 Hardcoded Encryption Key

Binary data 720035.prm...

GE Multilink Swtiches Hardcoded Encryption Key

Binary data 720053.prm...

CVE-2018-9073

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

CMM Security Concerns - US

Lenovo Security Advisory: LEN-23806 Potential Impact: Information Disclosure; Hardcoded Encryption Key Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9071, CVE-2018-9073 Summary: In a recent internal audit, Lenovo identified potential security vulnerabilities in the...

CMM Security Concerns - Lenovo Support US

No description provided...

MensaMax 4.3 Hardcoded Encryption Key Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 e2 Security GmbH Advisory 2018-01 Unencrypted transmission and usage of hardcoded encryption key Overview Advisory ID: E2SA-2018-01 Advisory Version: 1.0 Advisory Status: Public Advisory URL: https://advisories.e2security.de/2018/E2SA-2018-01.txt...

CVE-2016-3953

The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...

CVE-2016-3684

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338...

CVE-2016-3684

SAP Download Manager (versions up to 2.1.142) stores sensitive values in a configuration file encrypted with a hard-coded key. On Windows/Mac, the key combines the BIOS serial with a fixed key; on Linux/other platforms, the key is a fixed hard-coded value. This enables context-dependent attackers...

CVE-2015-6846

EMC SourceOne Email Supervisor prior to version 7.2 contains hardcoded encryption keys, enabling an attacker to gain access by inspecting cryptographic operations in the program. This CVE (CVE-2015-6846) is documented in multiple feeds (NVD, CVE listings) with a common description of hardcoded ke...