561 matches found
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
PT-2025-34450 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...
CVE-2025-44954
RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account...
TP-Link Archer C50 router is vulnerable to configuration-file decryption
Overview The TP-Link Archer C50 router, which has reached End-of-Life EOL, contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
hMailServer 安全漏洞
hMailServer is an open source mail server from hMailServer Open Source. A security vulnerability exists in hMailServer version 5.8.6 and 5.6.9-beta, which stems from the use of a hard-coded key in Encryption.cs, which may lead to decryption of other server passwords...
CVE-2025-52374
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...
PT-2025-30302 · Unknown · Hmailserver
Name of the Vulnerable Software and Affected Versions: hMailServer versions 5.6.9-beta through 5.8.6 Description: The software uses a hardcoded cryptographic key in the Encryption.cs file. This allows an attacker to decrypt passwords for other servers stored in the hMailAdmin.exe.config file,...
CVE-2025-52374
The CVE-2025-52374 entry concerns hMailServer 5.8.6 and 5.6.9-beta. A hardcoded cryptographic key in Encryption.cs is cited as the root cause, enabling an attacker to decrypt passwords stored in hMailAdmin.exe.config and potentially access other hMailServer admin consoles that use configured conn...
CVE-2025-22463
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...