7559 matches found
CVE-2024-52788
Tenda W9 v1.0.0.74456 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root...
CVE-2024-52789
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root...
CVE-2024-52788
CVE-2024-52788 affects Tenda W9 (version 1.0.0.7(4456)). A hardcoded password in /etc_ro/shadow allows an attacker to log in as root. The entry is supported by multiple sources and has a CVSS v3.1 base score of 8.0 (HIGH) with adjacent access, low attack complexity, privileges required: low, and ...
PT-2024-35441 · Tenda · Tenda W9
Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456. Description: The issue is related to a hardcoded password in the /etc_ro/shadow file, which allows attackers to log in as root. Recommendations: For Tenda W9 version 1.0.0.74456, consider changing the hardcoded...
Improper Authentication
Overview cobbler is a network install server. Affected versions of this package are vulnerable to Improper Authentication due to the utils.getsharedsecret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password...
The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public...
CVE-2024-11308
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...
CVE-2024-11308
The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...
CVE-2024-11308 TRCore DVC - Use of Hard-coded Cryptographic Key
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...
PT-2024-16899 · Trcore · Dvc
Name of the Vulnerable Software and Affected Versions: DVC from TRCore (affected versions not specified). Description: The issue concerns the use of a hardcoded key for file encryption in the DVC from TRCore. This hardcoded key can be exploited by attackers to decrypt the files and restore their...
Baxter Life2000 Trust Management Issue Vulnerability
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A trust management issue vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the clinician password and serial number clinician password, hardcoded in plaintext in the device, whic...
CVE-2024-40410
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption...
PT-2024-28835 · Cybele · Thinfinity Workspace
Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113. Description: The issue concerns a hardcoded cryptographic key used for encryption. This key is embedded in the software, potentially allowing unauthorized access or exploitation...
PT-2024-35161 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.2. Description: The issue allows attackers to forge JWT and take over services due to the JWT secret being hardcoded in the code. Additionally, the UID and OID are also hardcoded. This has been fixed in version...
CVE-2024-40410
Cybele Software Thinfinity Workspace prior to v7.0.2.113 is affected by a hardcoded cryptographic key used for encryption. The vulnerability affects Thinfinity Workspace versions before 7.0.2.113, enabling potential cryptographic misuse via the embedded key. Remediation: upgrade to v7.0.2.113 or ...