561 matches found
CVE-2023-31581
CVE-2023-31581 affects Dromara Sureness prior to v1.0.8, where a hardcoded key is used in JSON Web Token creation and validation. This issue is documented across multiple sources (Red Hat advisory, CVE listings, OSV, GHSA) and is described as a security vulnerability in Sureness before 1.0.8. The...
CVE-2023-31581
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key...
PT-2023-23397 · Dromara · Dromara Sureness
Name of the Vulnerable Software and Affected Versions: Dromara Sureness versions prior to 1.0.8 Description: The issue is related to the use of a hardcoded key in Dromara Sureness. Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue...
AudioCodes VoIP Phones Hardcoded Key
Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
PT-2023-7583 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16.0 and earlier Description: The issue is related to the use of a hardcoded SSL certificate and private key in several versions of ALEOS. This could allow an attacker with access to these items to perform a man-in-the-middle...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
PT-2023-24320 · Control Id · Idsecure
Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...
PT-2023-26960 · WordPress · Video Conferencing With Zoom
Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34130
CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...
PT-2023-24339 · WordPress · User Registration
Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability
Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...
CVE-2023-3371
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...
CVE-2023-28937
DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...
CVE-2023-21426
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...