202 matches found
CVE-2020-12627
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...
Hardcoded credentials
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...
CVE-2020-12627
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...
PT-2020-13173 · Calibre · Calibre-Web
Name of the Vulnerable Software and Affected Versions: Calibre-Web version 0.6.6 Description: The issue allows authentication bypass due to a hardcoded secret key 'A0Zr98j/3yX RXHH!jmNLWX/,?RT'. Recommendations: For Calibre-Web version 0.6.6, update the secret key to a unique and secure value to...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2017-1183)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...
CVE-2019-7212
SmarterTools SmarterMail 16.x before build 6985 is affected by a hardcoded secret key vulnerability that enables an unauthenticated actor to access other users’ emails and file attachments and to interact with mailing lists. Root cause: hardcoded credentials in the product. Affected component: Sm...
Authentication Bypass
pki-core is vulnerable to authentication bypass attacks. The vulnerability exists as it was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the...
CA Unified Infrastructure Management < 8.48 / 8.53 Multiple Vulnerabilities (CA20180829-02)
According to its self-reported version number from the CA Unified Infrastructure Management UIM application running on the remote host is prior to 8.48 or 8.53. It is, therefore, affected by multiple vulnerabilities : - A hardcoded secret key exists that could allow information disclosure...
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...
CVE-2018-13819
CA Unified Infrastructure Management (UIM) versions 8.5.1, 8.5, and 8.4.7 contain a hardcoded secret key that could allow an attacker to access sensitive information. This CVE (CVE-2018-13819) is corroborated by the NVD entry and the CA/Tenable advisories, which also reference additional vulnerab...
CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
DEBIAN-CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
UBUNTU-CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
EulerOS 2.0 SP2 : pki-core (EulerOS-SA-2017-1184)
According to the version of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attack...
RedHat Update for pki-core RHSA-2017:2335-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...