578 matches found
PT-2023-23397 · Dromara · Dromara Sureness
Name of the Vulnerable Software and Affected Versions: Dromara Sureness versions prior to 1.0.8 Description: The issue is related to the use of a hardcoded key in Dromara Sureness. Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue...
AudioCodes VoIP Phones Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
PT-2023-7583 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16.0 and earlier Description: The issue is related to the use of a hardcoded SSL certificate and private key in several versions of ALEOS. This could allow an attacker with access to these items to perform a man-in-the-middle...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
PT-2023-24320 · Control Id · Idsecure
Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...
PT-2023-26960 · WordPress · Video Conferencing With Zoom
Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34130
CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
PT-2023-24339 · WordPress · User Registration
Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability
Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...
CVE-2023-3371
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...
CVE-2023-28937
DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...
CVE-2023-21426
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...
PT-2023-18193 · Smr · Smr
Name of the Vulnerable Software and Affected Versions: SMR versions prior to Jan-2023 Release 1 Description: A hardcoded AES key is used to encrypt card emulation PINs in NFC, allowing attackers to access the PIN. Recommendations: For versions prior to Jan-2023 Release 1, update to Jan-2023 Relea...
PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel
Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE CloudPanel version 2.2.0 Description: The issue is related to the use of a static SSL certificate with a hardcoded cryptographic key in MGT-COMMERCE CloudPanel, which is shared across every installation. This could allow a remote...
PT-2022-10357 · Kaden · Kaden Picoflux Air
Name of the Vulnerable Software and Affected Versions: Kaden PICOFLUX AiR water meter affected versions not specified Description: The issue allows an adversary to read values from the device through wireless M-Bus mode 5, utilizing a hardcoded shared key, provided they are adjacent to the device...