7559 matches found

OSV
added 2024/11/09 3:15 a.m. · 3 views

CVE-2024-10284

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

9.8 CVSS · 5.8 AI score · 0.004 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/11/09 2:32 a.m. · 12 views

CVE-2024-10284 CE21 Suite <= 2.2.0 - Authentication Bypass

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

9.8 CVSS · 7.4 AI score · 0.004 EPSS
Exploits 0 · References 3

Cvelist
added 2024/11/09 2:32 a.m. · 17 views

CVE-2024-10284 CE21 Suite <= 2.2.0 - Authentication Bypass

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to a hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...

9.8 CVSS · 0.004 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/11/08 12:6 p.m. · 11 views

CVE-2024-50593 Hardcoded Service Password

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...

6.9 AI score · 0.00189 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/08 12:0 a.m. · 3 views

HASOMED Elefant Security Vulnerability

HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. HASOMED Elefant has a security vulnerability. An attacker with local access to a medical office...

7.8 CVSS · 6.5 AI score · 0.00189 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/11/08 12:0 a.m. · 5 views

PT-2024-16156 · WordPress · Ce21 Suite

Name of the Vulnerable Software and Affected Versions: CE21 Suite plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is due to a hardcoded encryption key in the ce21 authentication phrase function, allowing unauthenticated attackers to log in as any existing user on...

9.8 CVSS · 7 AI score · 0.004 EPSS
Exploits 0 · References 12

Packet Storm
added 2024/11/04 12:0 a.m. · 663 views

IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

Advisory Information: Title: 4 vulnerabilities in ibmsecurity; Advisory URL: https://pierrekim.github.io/advisories/2024-ibmsecurity.txt ; Blog URL: https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html ; Date published: 2024-11-0...

10 CVSS · 9.6 AI score · 0.71363 EPSS
Exploits 10

OSV
added 2024/11/01 5:15 p.m. · 5 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

9.8 CVSS · 5.8 AI score · 0.00561 EPSS
Exploits 1 · References 2

NVD
added 2024/11/01 5:15 p.m. · 15 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

9.8 CVSS · 0.00561 EPSS
Exploits 1 · References 2

Vulnrichment
added 2024/11/01 12:0 a.m. · 14 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

6.9 AI score · 0.00561 EPSS
Exploits 1 · References 2

CVE
added 2024/11/01 12:0 a.m. · 49 views

CVE-2024-51431

The CVE-2024-51431 entry affects LB-LINK BL-WR 1300H v1.0.4, where hardcoded credentials are stored in /etc/shadow and are easily guessable. Public records (NVD and related feeds) consistently describe this as a credential exposure with high to critical impact potential (CVE details: high confide...

9.8 CVSS · 6.7 AI score · 0.00561 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/11/01 12:0 a.m. · 3 views

PT-2024-8002 · Lb Link · Lb-Link Bl-Wr 1300H

Name of the Vulnerable Software and Affected Versions: LB-LINK BL-WR 1300H version 1.0.4 Description: The issue is related to hardcoded credentials stored in the /etc/shadow file of the LB-LINK BL-WR 1300H router. These credentials are easily guessable, which could allow a remote attacker to gain...

9.8 CVSS · 7.1 AI score · 0.00561 EPSS
Exploits 1 · References 9

Cvelist
added 2024/11/01 12:0 a.m. · 20 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

0.00561 EPSS
Exploits 1 · References 2

CNNVD
added 2024/10/31 12:0 a.m. · 3 views

YesWiki Cryptographic Issue Vulnerability

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A cryptographic issue vulnerability exists in versions of YesWiki prior to 4.4.5, which uses a weak encryption algorithm and hardcoding to hash a passwor...

9.9 CVSS · 6.7 AI score · 0.00368 EPSS
Exploits 1 · References 3

Vulnrichment
added 2024/10/30 1:35 p.m. · 17 views

CVE-2024-28875

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation. The backdoor string can be...

8.1 CVSS · 7.2 AI score · 0.00691 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/10/27 12:0 a.m. · 19 views

Fortinet Fortigate Hardcoded symmetric key in fips.c (FG-IR-19-007)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-19-007 advisory. - Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an...

7.5 CVSS · 6.8 AI score · 0.05352 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2024/10/26 12:0 a.m. · 12 views

Fortinet Fortigate Hardcoded SSLVPN cookie encryption key (FG-IR-21-051)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-051 advisory. - A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve...

7.5 CVSS · 7.3 AI score · 0.01042 EPSS
Exploits 0 · References 2

NVD
added 2024/10/24 5:15 p.m. · 11 views

CVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism...

9.8 CVSS · 0.0034 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/10/24 12:0 a.m. · 8 views

CVE-2024-48539

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism...

7.4 AI score · 0.0034 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/10/24 12:0 a.m. · 4 views

PT-2024-33138 · Neye3C · Neye3C

Name of the Vulnerable Software and Affected Versions: Neye3C version 4.5.2.0 Description: A hardcoded encryption key was found in the firmware update mechanism, which could potentially be exploited. Recommendations: For version 4.5.2.0, consider updating the firmware to a version that does not...

9.8 CVSS · 7.2 AI score · 0.0034 EPSS
Exploits 0 · References 5