561 matches found
CVE-2024-45165
CVE-2024-45165 affects UCI IDOL 2 (IDOL2) up to version 2.12. The issue is that the client–server encryption uses a static, hardcoded key derived from the string “(c)2007 UCI Software GmbH B.Boll.” This enables an attacker with access to the messages to decrypt and re-encrypt traffic, enabling pa...
PT-2024-31448 · Uci Software Gmbh · Uci Idol 2
Name of the Vulnerable Software and Affected Versions: UCI IDOL 2 versions through 2.12 Description: An issue was discovered in the encryption mechanism used by UCI IDOL 2. Data sent between the client and server is encrypted, but the key is derived from a static string "c2007 UCI Software GmbH...
Ewon Cosy+ Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...
PT-2024-11949 · Pmfw · Pmfw
Name of the Vulnerable Software and Affected Versions: PMFW affected versions not specified Description: A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. Recommendations: At the moment, there is...
CVE-2023-48396
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2023-48396
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...
PT-2024-27047 · Zkteco · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...
CVE-2024-27160
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
CVE-2024-27161
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult t...
CVE-2024-27159
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
CVE-2024-27161 Hardcoded password used to encrypt files
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult t...
CVE-2024-27161
CVE-2024-27161 concerns Toshiba multifunction printers (MFPs) with programs containing a hardcoded key used to encrypt files. The root cause is the use of a hardcoded credential and insecure encryption, allowing an attacker who can access the device to decrypt stored/files by using that key. Seve...
CVE-2024-27160
CVE-2024-27160 affects Toshiba printers. A shell script on affected devices uses a hardcoded key to encrypt logs, allowing an attacker with local access to decrypt encrypted files. Multiple sources corroborate a vulnerability in Toshiba MFPs involving hardcoded credentials/weak crypto, with impac...
CVE-2024-27159
CVE-2024-27159 affects Toshiba printers with a shell script that uses a hardcoded key to encrypt logs. An attacker with local access can decrypt the encrypted logs using that key. The issue is documented across multiple sources (CVE record, OpenVAS, and vendor advisories) with remediation guidanc...
CVE-2024-27159 Hardcoded password used to encrypt logs
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
PT-2024-21691 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns a shell script in Toshiba printers that uses a hardcoded key for log encryption. An attacker can exploit this by decrypting the encrypted files using the hardcod...
PT-2024-21693 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns a shell script in Toshiba printers that uses a hardcoded key for log encryption. An attacker can exploit this by decrypting the encrypted files using the hardcod...