561 matches found

OSV
added 2022/01/06 1:15 p.m. · 16 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 3

CVE
added 2022/01/06 12:35 p.m. · 85 views

CVE-2021-45458

Apache Kylin’s PasswordPlaceholderConfigurer uses a cipher initialized with a hardcoded key and IV, risking decryption of passwords stored in configuration. Affected: Kylin 2.x ≤ 2.6.6; 3.x ≤ 3.1.2; 4.x ≤ 4.0.0. Impact: potential password exposure. Remediation/fix details are not provided in the ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00631
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/01/06 12:35 p.m. · 15 views

CVE-2021-45458 Hardcoded credentials

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

AI score 7.8 · EPSS 0.00631
Exploits 0 · References 3

Positive Technologies
added 2022/01/06 12:00 a.m. · 4 views

PT-2022-12364 · Apache · Apache Kylin

Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.6.6 and prior; Apache Kylin versions 3.1.2 and prior; Apache Kylin versions 4.0.0 and prior

Description: Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In th...

CVSS 7.5 · AI score 7.4 · EPSS 0.00631
Exploits 0 · References 11

OSV
added 2022/01/04 3:15 p.m. · 2 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

CVSS 7.2 · AI score 7.1
Exploits 0 · References 2

ATTACKERKB
added 2022/01/04 3:15 p.m. · 2 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

CVSS 9 · AI score 5.5 · EPSS 0.00309
Exploits 0 · References 3

NVD
added 2022/01/04 3:15 p.m. · 11 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

CVSS 9 · EPSS 0.00309
Exploits 0 · References 2

Cvelist
added 2022/01/04 2:29 p.m. · 15 views

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...

AI score 7.1 · EPSS 0.00309
Exploits 0 · References 2

BDU FSTEC
added 2021/12/01 12:00 a.m. · 2 views

The vulnerability of the EyesOfNetwork (EON) monitoring software, related to the use of pre-installed credentials, allows an attacker to gain unauthorized access to protected information and escalate their privileges.

The vulnerability of the EyesOfNetwork EON monitoring software lies in the use of the hardcoded EONAPIKEY key by default. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information and escalate their privileges...

CVSS 9.8 · EPSS 0.88863
Exploits 4 · References 4 · Affected Software 1

CNNVD
added 2021/09/15 12:00 a.m. · 2 views

MyLittleTools MyLittleBackup code issue vulnerability

MyLittleTools MyLittleBackup is a SQL Server management tool from MyLittleTools France. Manage SQL Server databases in a web hosted environment. A code issue vulnerability exists in MyLittleBackup, which allows remote attackers to exploit the vulnerability to execute arbitrary code because the...

CVSS 9.8 · AI score 9.1 · EPSS 0.03675
Exploits 0 · References 3

BDU FSTEC
added 2021/08/09 12:00 a.m. · 2 views

The vulnerability of the “Blockhost-Net” information protection software allows a perpetrator to gain access to the protected information.

The vulnerability of the GIS.BlockPost.GUI application, a software tool for information protection, is related to the use of a symmetric encryption key defined in the program code. Exploiting this vulnerability could allow an attacker to decrypt files containing information about the program’s...

CVSS 4.7 · AI score 5.5
Exploits 0 · Affected Software 1

OSV
added 2021/06/16 12:15 p.m. · 4 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1

OSV
added 2021/03/29 8:15 p.m. · 2 views

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 3

OSV
added 2021/03/29 8:15 p.m. · 3 views

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...

CVSS 9.8 · AI score 7.2 · EPSS 0.00217
Exploits 1 · References 5

Positive Technologies
added 2021/03/29 12:00 a.m. · 2 views

PT-2021-11716 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS

Description: The issue concerns a hardcoded encryption key used to encrypt username and password details during the authentication process. This key is located in the...

CVSS 9.8 · AI score 7.1 · EPSS 0.00217
Exploits 1 · References 7

Positive Technologies
added 2021/03/29 12:00 a.m. · 3 views

PT-2021-11715 · Mobileiron · Mobileiron

Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS

Description: The issue concerns a hardcoded API key used for communication with the MobileIron SaaS discovery API. This key is found in the...

CVSS 7.5 · AI score 6.5 · EPSS 0.00392
Exploits 1 · References 5

CNNVD
added 2021/03/23 12:00 a.m. · 3 views

Ovarro TWinSoft trust management issue vulnerability

Ovarro TWinSoft is an application platform from Ovarro Germany. One that can be used anytime, anywhere to access web features using its mobile devices and PCs. A security vulnerability exists in Ovarro TWinSoft that stems from TWinSoft's use of a custom hardcoded user TWinSoft with a hardcoded ke...

CVSS 9.8 · AI score 8.5 · EPSS 0.0024
Exploits 0 · References 4

NVD
added 2021/03/21 9:15 p.m. · 10 views

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

CVSS 9.8 · EPSS 0.00539
Exploits 0 · References 3

OSV
added 2021/02/24 4:15 p.m. · 2 views

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

CVSS 8.8 · AI score 7.4 · EPSS 0.00475
Exploits 0 · References 1

OSV
added 2021/02/11 6:15 p.m. · 1 view

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVSS 7.5 · AI score 7.1 · EPSS 0.00158
Exploits 1 · References 3