
212 matches found

Positive Technologies
added 2023/01/28 12:0 a.m. · 4 views

PT-2023-15516 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

6.5 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/01/28 12:0 a.m. · 3 views

PT-2023-15514 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

6.5 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/01/28 12:0 a.m. · 4 views

PT-2023-15517 · Undefined · Undefined

exploit 1. Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI CVE-2022-47882, CVE-2022-47883, CVE-2022-47884, CVE-2022-47885 https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce 2. DLL exploit for Roblox with custom functions, level 8 execution, multi Roblox injection, and a...

6.5 AI score
Exploits 0 · References 2
OSV
added 2022/11/07 12:15 a.m. · 4 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

7.8 CVSS · 5.8 AI score · 0.00108 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/11/06 12:0 a.m. · 5 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

7.5 AI score · 0.00108 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/11/06 12:0 a.m. · 2 views

PT-2022-24046 · Patterson Dental · Patterson Dental Eaglesoft

Name of the Vulnerable Software and Affected Versions: Patterson Dental Eaglesoft version 21 Description: The issue concerns the encryption mechanism in Patterson Dental Eaglesoft. Although it uses AES-256 encryption, there are two methods to obtain the keyfile, which are through keybackup.data...

7.8 CVSS · 7.4 AI score · 0.00108 EPSS
Exploits 0 · References 4
CVE
added 2022/11/06 12:0 a.m. · 67 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 uses AES-256, but the keyfile and salt are hardcoded into a DLL/EXE. Two access paths to the keyfile exist: keybackup.data > License > Encryption Key and Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key, enabling local attackers ...

7.8 CVSS · 7.4 AI score · 0.00108 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2022/07/26 11:15 p.m. · 3 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

9.8 CVSS · 7.4 AI score · 0.00519 EPSS
Exploits 0 · References 3
OSV
added 2022/07/26 10:15 p.m. · 2 views

CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...

5.5 CVSS · 5.8 AI score · 0.00425 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/07/26 10:15 p.m. · 1 views

CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...

5.5 CVSS · 6.1 AI score · 0.00425 EPSS
Exploits 0 · References 4
Cvelist
added 2022/07/26 10:6 p.m. · 19 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

9.7 AI score · 0.00519 EPSS
Exploits 0 · References 2
CVE
added 2022/07/26 10:6 p.m. · 84 views

CVE-2022-30274

The CVE-2022-30274 vulnerability affects the Motorola ACE1000 RTU (up to 2022-05-02). Root cause: use of TEA in ECB mode with a hardcoded key to protect credentials for the XRT LAN-to-radio gateway and for authenticating to the XNL port, enabling potential manipulation of device configuration. Do...

9.8 CVSS · 9.4 AI score · 0.00519 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/07/26 9:14 p.m. · 82 views

CVE-2022-29960

CVE-2022-29960 affects Emerson OpenBSI (engineering environment for ControlWave/Bristol Babcock RTUs) through 2022-04-29. The root cause is the use of DES with hardcoded cryptographic keys to protect system credentials, engineering files, and sensitive utilities. Exploitation requires local acces...

5.5 CVSS · 5.5 AI score · 0.00425 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/06/22 12:0 a.m. · 5 views

PT-2022-3162 · Emerson · Emerson Openbsi

Name of the Vulnerable Software and Affected Versions: Emerson OpenBSI through 2022-04-29 Description: The issue is related to the use of weak cryptography in Emerson OpenBSI, an engineering environment for the ControlWave and Bristol Babcock line of RTUs. Specifically, DES with hardcoded...

7.8 CVSS · 5.7 AI score · 0.00425 EPSS
Exploits 0 · References 9
The Hacker News
added 2021/05/03 4:13 p.m. · 61 views

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn't always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a...

6 AI score
Exploits 0
The Hacker News
added 2020/06/25 10:8 a.m. · 4 views

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report...

10 CVSS · 7.6 AI score · 0.00874 EPSS
Exploits 0
OSV
added 2020/04/14 8:15 p.m. · 5 views

CVE-2020-11723

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...

5.5 CVSS · 6.1 AI score · 0.00447 EPSS
Exploits 3 · References 2
0day.today
added 2020/03/17 12:0 a.m. · 335 views

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities

Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution The HTML version on "Multiple vulnerabilities found in Zyxe...

0.9 AI score
Exploits 0
OSV
added 2020/01/27 1:15 a.m. · 1 views

CVE-2020-7999

The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOADAPIKEY and FILEDOWNLOADAPIKEY...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1
Cvelist
added 2020/01/02 5:51 p.m. · 31 views

CVE-2013-3619

Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before SMTX9317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the 1 Lighttpd web server SSL interface and the 2 Dropbear S...

8.1 AI score · 0.09688 EPSS
Exploits 2 · References 5