
7565 matches found

Vulnrichment
added 2024/01/25 11:35 p.m., 6 views

CVE-2024-23619 IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution...

CVSS 10, AI score 7.3, EPSS 0.01712
Exploits 0, References 1

CVE
added 2024/01/25 11:35 p.m., 59 views

CVE-2024-23619

CVE-2024-23619 affects IBM Merge Healthcare eFilm Workstation. The connected documents identify a hardcoded credential vulnerability as the root cause, allowing a remote, unauthenticated attacker to achieve information disclosure or remote code execution. Affected software is IBM Merge Healthcare...

CVSS 10, AI score 9, EPSS 0.01712
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/01/23 12:0 a.m., 6 views

Spoon Security Vulnerability

Spoon is a software from Spoon, a South Korean company that provides live streaming, talking, and chatting. A security vulnerability exists in Spoon versions 7.11.1 through 8.6.0. An attacker exploited the vulnerability to retrieve hard-coded API keys when reverse engineering application binaries...

CVSS 5.5, AI score 6.7, EPSS 0.00163
Exploits 0, References 3

Prion
added 2024/01/19 10:15 p.m., 18 views

Hardcoded credentials

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

CVSS 6.4, AI score 7.2, EPSS 0.00646
Exploits 0, References 5, Affected Software 1

GitHub Security Blog
added 2024/01/13 3:30 a.m., 22 views

EverShop at risk to unauthorized access via weak HMAC secret

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access t...

CVSS 9.1, AI score 6.8, EPSS 0.00498
Exploits 0, References 5, Affected Software 1

ATTACKERKB
added 2024/01/13 2:15 a.m., 3 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access t...

CVSS 9.1, AI score 5.8, EPSS 0.00498
Exploits 0, References 3

OSV
added 2024/01/13 2:15 a.m., 7 views

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access t...

CVSS 9.1, AI score 5.8, EPSS 0.00498
Exploits 0, References 2

CNNVD
added 2024/01/13 12:0 a.m., 3 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8, which stems from the HMAC secret used to generate tokens being hardcoded as "secret"...

CVSS 9.1, AI score 6.7, EPSS 0.00498
Exploits 0, References 3

NVD
added 2024/01/12 4:15 p.m., 25 views

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...

CVSS 9.8, AI score 5.7, EPSS 0.00312
Exploits 0, References 1

OSV
added 2024/01/12 4:15 p.m., 6 views

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...

CVSS 9.8, AI score 5.8, EPSS 0.00312
Exploits 0, References 1

Prion
added 2024/01/12 4:15 p.m., 15 views

Hardcoded credentials

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III 3V3 - 2.0 TDI manufactured in 2022...

CVSS 7.5, AI score 7.2, EPSS 0.00312
Exploits 0, References 1, Affected Software 1

CVE
added 2024/01/12 3:55 p.m., 53 views

CVE-2023-28897

CVE-2023-28897 affects Škoda MIB3 infotainment. The vulnerability stems from a hardcoded secret value used to access critical UDS services, impacting Škoda Superb III (3V3) 2.0 TDI (2022). According to NVD, CVSSv3.1 base score 9.8 (Network, high impact on confidentiality, integrity, availability)...

CVSS 9.8, AI score 9.3, EPSS 0.00312
Exploits 0, References 1, Affected Software 1

NVD
added 2024/01/12 3:15 p.m., 22 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using a hardcoded static key...

CVSS 7.5, AI score 7.5, EPSS 0.00466
Exploits 0, References 2

OSV
added 2024/01/12 3:15 p.m., 2 views

CVE-2023-49259

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time...

CVSS 7.5, AI score 5.8, EPSS 0.00556
Exploits 0, References 2

OSV
added 2024/01/12 3:15 p.m., 5 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using a hardcoded static key...

CVSS 7.5, AI score 5.8, EPSS 0.00556
Exploits 0, References 2

OSV
added 2024/01/12 3:15 p.m., 2 views

CVE-2023-49253

Root user password is hardcoded into the device and cannot be changed in the user interface...

CVSS 9.8, AI score 6.8, EPSS 0.00556
Exploits 0, References 2

Prion
added 2024/01/12 3:15 p.m., 10 views

Hardcoded credentials

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time...

CVSS 5, AI score 7.4, EPSS 0.00556
Exploits 0, References 2, Affected Software 1

Prion
added 2024/01/12 3:15 p.m., 15 views

Hardcoded credentials

Root user password is hardcoded into the device and cannot be changed in the user interface...

CVSS 7.5, AI score 7.3, EPSS 0.00556
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2024/01/12 2:24 p.m., 2 views

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using a hardcoded static key...

AI score 7.5, EPSS 0.00556
Exploits 0, References 2

CVE
added 2024/01/12 2:23 p.m., 42 views

CVE-2023-49253

CVE-2023-49253: The entry is supported by connected records (RH CVE) confirming a hardcoded root password that cannot be changed via the user interface. The vulnerability affects a device where the password is embedded in the firmware/UI and is not configurable by users. Impact is rated as Critic...

CVSS 9.8, AI score 9.4, EPSS 0.00556
Exploits 0, References 2, Affected Software 1