566 matches found
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
PT-2023-30262 · Phlox · Simple Http Server Plus +1
Name of the Vulnerable Software and Affected Versions: Phlox com.phlox.simpleserver aka Simple HTTP Server version 1.8 com.phlox.simpleserver.plus aka Simple HTTP Server PLUS version 1.8.1-plus Description: The issue is related to a hardcoded encryption key, specifically aKySWb2jjrr4dzkYXczKRt7K,...
Authentication bypass vulnerability in navidrome's subsonic endpoint
Summary A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token JWT signed with the key "not so secret". The vulnerability can only be exploited o...
Siemens RUGGEDCOM and SCALANCE M-800/S615 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-40300
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...
CVE-2023-40300
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...
PT-2023-27368 · Netscout · Netscout Ngeniuspulse
Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusPULSE version 3.8 Description: The issue is related to a hardcoded cryptographic key in the software. This could potentially allow unauthorized access or decryption of sensitive data. Recommendations: For NETSCOUT nGeniusPULSE...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
CVE-2023-48055 affects SuperAGI v0.0.13. The root cause is use of a hardcoded key for encryption operations, leading to potential disclosure of information and communications. Public sources consistently describe the impact as information disclosure due to cryptographic misuse. The connected docu...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
CVE-2023-44318 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., SCALANCE XB205-3, M-series, S615, RM1224, etc.) where a hard-coded cryptographic key obfuscates configuration backups. This allows an authenticated admin or someone with a backup to extract configuration information from the exp...
PT-2023-6990 · Siemens · Scalance Xb205-3
Name of the Vulnerable Software and Affected Versions: SCALANCE XB205-3 SC, PN versions prior to V4.5 SCALANCE XB205-3 ST, E/IP versions prior to V4.5 Description: The issue is related to the use of a hardcoded cryptographic key in the software of industrial switches. This could allow a remote...
CVE-2023-31579
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...
PT-2023-23394 · Dromara · Dromara Lamp-Cloud
Name of the Vulnerable Software and Affected Versions: Dromara Lamp-Cloud versions prior to 3.8.1 Description: The issue is related to the use of a hardcoded cryptographic key when creating and verifying a Json Web Token. This allows attackers to authenticate to the application via a crafted JWT...
Sureness uses hardcoded key
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...
GHSA-3J2F-58RQ-G6P7 Sureness uses hardcoded key
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...