The vulnerability of the “Blockhost-Net” information protection software allows a perpetrator to gain access to the protected information.

The vulnerability of the GIS.BlockPost.GUI application, a software tool for information protection, is related to the use of a symmetric encryption key defined in the program code. Exploiting this vulnerability could allow an attacker to decrypt files containing information about the program’s...

CVE-2021-27481

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...

PT-2021-11715 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS Description: The issue concerns a hardcoded API key used for communication with the MobileIron SaaS discovery API. This key is found in the...

PT-2021-11716 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS Description: The issue concerns a hardcoded encryption key used to encrypt username and password details during the authentication process. This key is located in the...

Ovarro TWinSoft 信任管理问题漏洞

Ovarro TWinSoft is an application platform from Ovarro Germany. One that can be used anytime, anywhere to access web features using its mobile devices and PCs. A security vulnerability exists in Ovarro TWinSoft that stems from TWinSoft's use of a custom hardcoded user TWinSoft with a hardcoded ke...

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVE-2021-27141

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7aLyZ98sSd5HfSgGjMj8;Ss;d&^@$a2s0i3g key. The webs binary has details on how XOR is used...

Mofi Network MOFI4500-4GXeLTE 信任管理问题漏洞

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the fact that the Dropbear SSH daemon has been modified to accept an alternate hardcoded path to a public...

IBM Spectrum LSF 10.1 / 10.2 Hardcoded Eauth Key / Eauth Key Exposure Vulnerability

================================================================================ Multiple IBM Spectrum LSF Authentication Vulnerabilities Eauth - CVE-2020-4983 ================================================================================ Software: Spectrum LSF Vendor: IBM Affected Versions:...

PT-2021-2204 · Siemens · C-Plug +2

Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 switch family incl. SIPLUS NET variants versions prior to V5.2.5 SCALANCE X-200IRT switch family incl. SIPLUS NET variants versions prior to V5.5.0 SCALANCE X-200RNA switch family versions prior to V3.2.7 Description: A...

Multiple Amino Product Trust Management Issue Vulnerabilities

Amino Communications AK45x series, among others, is a line of TV set-top box devices from Amino UK. A security vulnerability exists in a number of Amino Communications products that originates from a root user hard-coded SSH key, which can be exploited by an attacker to remotely login via SSH. Th...

Siemens LOGO! 8 BM Hardcoded Encryption Key Vulnerability

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM, which can be exploited by an attacker to obtain a private RSA key used to encrypt communications with a device, resulting ...

CVE-2020-29063

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...