7570 matches found
CVE-2023-23324
CVE-2023-23324 affects Zumtobel Netlink CCD Onboard: vulnerable in firmware 3.80 with prior 3.74—3.79 releases. The root cause is hardcoded administrator credentials embedded in the device, enabling unauthorized admin access if exploited. Documented impact is severe (admin-level access could lead...
CVE-2023-29064
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...
Hardcoded credentials
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...
CVE-2023-29064
The CVE-2023-29064 issue affects BD FACSChorus software (versions v5.0/v5.1 and v3.0/v3.1) where sensitive information is stored in plaintext, enabling a threat actor to obtain hardcoded secrets such as tokens and passwords for administrative accounts. Root cause: use of plaintext storage for cre...
VulnCheck KEV: CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...
PT-2023-22121 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software stores sensitive information in plaintext, allowing a threat actor to obtain hardcoded secrets, including tokens and passwords for administrative accounts...
Hardcoded credentials
A flaw was found in libnbd, due to a malicious Network Block Device NBD, a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service...
Hardcoded credentials
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...
Headwind MDM Trust Management Issue Vulnerabilities
Headwind MDM is a platform for managing Android devices in the enterprise. A trust management issue vulnerability exists in Headwind MDM Web panel version 5.22.1, which stems from the use of hardcoding in JWT Secret, resulting in an access control error...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
Hardcoded credentials
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
CVE-2023-48055 affects SuperAGI v0.0.13. The root cause is use of a hardcoded key for encryption operations, leading to potential disclosure of information and communications. Public sources consistently describe the impact as information disclosure due to cryptographic misuse. The connected docu...
Hardcoded credentials
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
Hardcoded credentials
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
CVE-2023-44318 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., SCALANCE XB205-3, M-series, S615, RM1224, etc.) where a hard-coded cryptographic key obfuscates configuration backups. This allows an authenticated admin or someone with a backup to extract configuration information from the exp...