
7548 matches found

NVD
added 2026/02/09 8:16 a.m. | 12 views

CVE-2026-22906

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

CVSS 9.8 | EPSS 0.00328
Exploits: 0 | References: 1

Cvelist
added 2026/02/09 7:40 a.m. | 30 views

CVE-2026-22906 Hardcoded Key Allows Credential Disclosure

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

CVSS 9.8 | EPSS 0.00328
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/09 7:40 a.m. | 3 views

CVE-2026-22906

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

CVSS 9.8 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2026/02/09 7:40 a.m. | 4 views

CVE-2026-22906 Hardcoded Key Allows Credential Disclosure

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

CVSS 9.8 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 1

CVE
added 2026/02/09 7:40 a.m. | 16 views

CVE-2026-22906

CVE-2026-22906 involves credentials disclosure caused by AES-ECB encryption with a hardcoded key in a configuration file. An unauthenticated remote attacker that can obtain the config file can decrypt and recover plaintext usernames and passwords, with higher risk when combined with an authentica...

CVSS 9.8 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/09 12:0 a.m. | 6 views

PT-2026-7084

Name of the Vulnerable Software and Affected Versions: WAGO 0852-1322 (affected versions not specified). Description: User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernam...

CVSS 9.8 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 11

CNNVD
added 2026/02/09 12:0 a.m. | 7 views

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 Security Vulnerability

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are industrial-grade managed Ethernet switches from the German company WAGO. Both devices have security vulnerabilities. These vulnerabilities stem from the use of hardcoded keys for AES-ECB encryption, which...

CVSS 9.8 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 2

GithubExploit
added 2026/02/08 11:37 a.m. | 130 views

atool

ATOOL - Android Static Analysis & Exploit Scanner v1.0 !Pyth...

AI score 5.3
Exploits: 0

RedhatCVE
added 2026/02/07 7:30 p.m. | 5 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVSS 7.8 | AI score 5.4 | EPSS 0.00097
Exploits: 1 | References: 1

NVD
added 2026/02/07 12:15 a.m. | 5 views

CVE-2020-37157

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...

CVSS 8.7 | EPSS 0.004
Exploits: 0 | References: 3

NVD
added 2026/02/07 12:15 a.m. | 5 views

CVE-2020-37135

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVSS 9.3 | EPSS 0.00428
Exploits: 1 | References: 2

CNNVD
added 2026/02/07 12:0 a.m. | 5 views

DBPower C300 HD Camera Access Control Error Vulnerability

The DBPower C300 HD Camera is a camera produced by the American company DBPower. The DBPower C300 HD Camera has an access control vulnerability, which stems from unprotected configuration of backup endpoints. This vulnerability may allow unverified attackers to retrieve hardcoded credentials...

CVSS 8.7 | AI score 5.8 | EPSS 0.004
Exploits: 0 | References: 4

CNNVD
added 2026/02/07 12:0 a.m. | 5 views

AMSS++ Trust Management Issue Vulnerability

AMSS++ is a tool within the Amssplus office management support system. Version 4.7 of AMSS++ has a vulnerability related to trust management. This vulnerability stems from hardcoded credentials, which may allow attackers to bypass authentication and access administrator accounts...

CVSS 9.3 | AI score 5.8 | EPSS 0.00428
Exploits: 1 | References: 2

Cvelist
added 2026/02/06 11:14 p.m. | 35 views

CVE-2020-37157 DBPower C300 HD Camera - Remote Configuration Disclosure

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...

CVSS 8.7 | EPSS 0.004
Exploits: 0 | References: 3

CVE
added 2026/02/06 11:14 p.m. | 8 views

CVE-2020-37157

CVE-2020-37157 affects DBPower C300 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to download the unprotected /tmpfs/config_backup.bin and extract hardcoded credentials (username/password). Documented impact is credential exposure with high confidentiality i...

CVSS 8.7 | AI score 5.4 | EPSS 0.004
Exploits: 0 | References: 3

Cvelist
added 2026/02/06 11:14 p.m. | 34 views

CVE-2020-37135 AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVSS 9.3 | EPSS 0.00428
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/06 11:14 p.m. | 3 views

CVE-2020-37135 AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVSS 9.3 | AI score 5.5 | EPSS 0.00428
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/06 11:14 p.m. | 5 views

CVE-2020-37135

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVSS 9.3 | AI score 5.4 | EPSS 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/02/06 1:25 a.m. | 5 views

CVE-2026-25505

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and many API routes do not check authentication. This issue has been patched in version 0.1.7...

CVSS 9.8 | AI score 5.3 | EPSS 0.00724
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6818

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.7. Description: AMSS++ 4.7 has a flaw that permits unauthorized access to administrative accounts. This is due to the use of hardcoded credentials, specifically the default username 'admin' and password '1234'. Successful...

CVSS 9.3 | AI score 5.4 | EPSS 0.00428
Exploits: 1 | References: 4