571 matches found

Positive Technologies
added 2024/11/08 12:0 a.m. · 5 views

PT-2024-16156 · WordPress · Ce21 Suite

Name of the Vulnerable Software and Affected Versions: CE21 Suite plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is due to a hardcoded encryption key in the ce21 authentication phrase function, allowing unauthenticated attackers to log in as any existing user on...

9.8 CVSS · 7 AI score · 0.004 EPSS
Exploits 0 · References 12
Tenable Nessus
added 2024/10/27 12:0 a.m. · 19 views

Fortinet Fortigate Hardcoded symmetric key in fips.c (FG-IR-19-007)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-19-007 advisory. - Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an...

7.5 CVSS · 6.8 AI score · 0.05352 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/10/24 12:0 a.m. · 4 views

PT-2024-33138 · Neye3C · Neye3C

Name of the Vulnerable Software and Affected Versions: Neye3C version 4.5.2.0 Description: A hardcoded encryption key was found in the firmware update mechanism, which could potentially be exploited. Recommendations: For version 4.5.2.0, consider updating the firmware to a version that does not...

9.8 CVSS · 7.2 AI score · 0.0034 EPSS
Exploits 0 · References 5
OSV
added 2024/09/25 1:15 a.m. · 4 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

9.8 CVSS · 5.8 AI score · 0.00607 EPSS
Exploits 1 · References 2
NVD
added 2024/09/25 1:15 a.m. · 15 views

CVE-2024-46612

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information...

9.8 CVSS · 0.00607 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/09/24 12:0 a.m. · 6 views

PT-2024-32076 · Icecms · Icecms

Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows an attacker to forge JWT authentication information due to a hardcoded JWT key. Recommendations: For IceCMS versions 3.4.7 and earlier, update to a version that does not contain...

9.8 CVSS · 7.1 AI score · 0.00607 EPSS
Exploits 1 · References 6
OSV
added 2024/09/18 6:15 p.m. · 1 views

CVE-2023-41611

Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...

6.5 CVSS · 5.8 AI score · 0.0035 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/09/18 12:0 a.m. · 3 views

PT-2024-12945 · Victure · Victure Pc420

Name of the Vulnerable Software and Affected Versions: Victure PC420 version 1.1.39 Description: The issue is related to the use of a weak and partially hardcoded key for data encryption. Recommendations: For Victure PC420 version 1.1.39, at the moment, there is no information about a newer versi...

6.5 CVSS · 6.9 AI score · 0.0035 EPSS
Exploits 0 · References 4
CVE
added 2024/09/18 12:0 a.m. · 72 views

CVE-2023-41611

CVE-2023-41611 affects Victure PC420 firmware version 1.1.39. Root cause: use of a weak, partially hardcoded key to encrypt data. Impact aligns with confidentiality issues; CVSS v3.1 base score 6.5 (Network, Low integrity/availability impact). Exploitation details are not provided in the document...

6.5 CVSS · 7.2 AI score · 0.0035 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/09/18 12:0 a.m. · 12 views

CVE-2023-41611

Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data...

0.0035 EPSS
Exploits 0 · References 1
CVE
added 2024/08/22 12:0 a.m. · 46 views

CVE-2024-45165

CVE-2024-45165 affects UCI IDOL 2 (IDOL2) up to version 2.12. The issue is that the client–server encryption uses a static, hardcoded key derived from the string “(c)2007 UCI Software GmbH B.Boll.” This enables an attacker with access to the messages to decrypt and re-encrypt traffic, enabling pa...

5.3 CVSS · 6.8 AI score · 0.00174 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2024/08/21 12:0 a.m. · 5 views

PT-2024-31448 · Uci Software Gmbh · Uci Idol 2

Name of the Vulnerable Software and Affected Versions: UCI IDOL 2 versions through 2.12 Description: An issue was discovered in the encryption mechanism used by UCI IDOL 2. Data sent between the client and server is encrypted, but the key is derived from a static string "c2007 UCI Software GmbH...

5.3 CVSS · 6.8 AI score · 0.00174 EPSS
Exploits 0 · References 10
Packet Storm
added 2024/08/19 12:0 a.m. · 327 views

Ewon Cosy+ Hardcoded Key

Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...

7.1 AI score · 0.00701 EPSS
Exploits 6
NVD
added 2024/08/13 5:15 p.m. · 11 views

CVE-2023-20512

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...

1.9 CVSS · 0.00128 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-11949 · Pmfw · Pmfw

Name of the Vulnerable Software and Affected Versions: PMFW affected versions not specified Description: A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. Recommendations: At the moment, there is...

1.9 CVSS · 6.8 AI score · 0.00128 EPSS
Exploits 0 · References 6
NVD
added 2024/07/30 9:15 a.m. · 29 views

CVE-2023-48396

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

9.1 CVSS · 0.00722 EPSS
Exploits 0 · References 2
OSV
added 2024/07/30 9:15 a.m. · 2 views

CVE-2023-48396

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

9.1 CVSS · 9.1 AI score
Exploits 0 · References 2
OSV
added 2024/07/09 5:15 p.m. · 2 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

9.8 CVSS · 5.8 AI score · 0.00877 EPSS
Exploits 2 · References 2
CVE
added 2024/07/09 12:0 a.m. · 51 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...

9.8 CVSS · 7.4 AI score · 0.00877 EPSS
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-27047 · Zkteco · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...

9.8 CVSS · 6.1 AI score · 0.00877 EPSS
Exploits 2 · References 5