
7572 matches found

Vulnrichment
added 2023/11/14 11:3 a.m. · 1 view

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

6.9 CVSS · 5.3 AI score · 0.00688 EPSS
Exploits 0 · References 5

CVE
added 2023/11/14 11:3 a.m. · 106 views

CVE-2023-44318

CVE-2023-44318 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., SCALANCE XB205-3, M-series, S615, RM1224, etc.) where a hard-coded cryptographic key obfuscates configuration backups. This allows an authenticated admin or someone with a backup to extract configuration information from the exp...

6.9 CVSS · 4.8 AI score · 0.00688 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-6990 · Siemens · Scalance Xb205-3

Name of the Vulnerable Software and Affected Versions: SCALANCE XB205-3 SC, PN versions prior to V4.5 SCALANCE XB205-3 ST, E/IP versions prior to V4.5 Description: The issue is related to the use of a hardcoded cryptographic key in the software of industrial switches. This could allow a remote...

6.9 CVSS · 6.8 AI score · 0.00688 EPSS
Exploits 0 · References 11

Packet Storm
added 2023/11/13 12:0 a.m. · 311 views

EnBw SENEC Legacy Storage Box Hardcoded Credentials

Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...

7 AI score · 0.00963 EPSS
Exploits 5

VulnCheck KEV
added 2023/11/13 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8 CVSS · 7.3 AI score · 0.12476 EPSS
Exploits 0 · References 1

Prion
added 2023/11/09 11:15 p.m. · 12 views

Hardcoded credentials

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

5 CVSS · 7 AI score · 0.00539 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2023/11/07 12:0 a.m. · 17 views

Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory. - A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. A...

9 CVSS · 7.7 AI score · 0.01269 EPSS
Exploits 1 · References 164

Veracode
added 2023/11/06 9:49 a.m. · 19 views

Use Of Hardcoded Cryptographic Key

lamp-core and lamp-util are vulnerable to hard coded credential vulnerability. The vulnerability is due to usage of a hardcoded cryptographic key while creating and verifying a JWT token. The vulnerability allows an attacker to authenticate to the application via a specially crafted token...

9.8 CVSS · 6.9 AI score · 0.00681 EPSS
Exploits 0 · References 4 · Affected Software 2

ATTACKERKB
added 2023/11/02 10:15 p.m. · 7 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8 CVSS · 7.4 AI score · 0.00681 EPSS
Exploits 0 · References 3

Prion
added 2023/11/02 10:15 p.m. · 54 views

Hardcoded credentials

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

7.5 CVSS · 9.2 AI score · 0.00681 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/11/02 12:0 a.m. · 11 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

6.9 AI score · 0.00681 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/11/02 12:0 a.m. · 6 views

PT-2023-23394 · Dromara · Dromara Lamp-Cloud

Name of the Vulnerable Software and Affected Versions: Dromara Lamp-Cloud versions prior to 3.8.1 Description: The issue is related to the use of a hardcoded cryptographic key when creating and verifying a Json Web Token. This allows attackers to authenticate to the application via a crafted JWT...

9.8 CVSS · 9.1 AI score · 0.00681 EPSS
Exploits 0 · References 8

CVE
added 2023/11/02 12:0 a.m. · 75 views

CVE-2023-31579

The CVE-2023-31579 issue affects Dromara Lamp-Cloud prior to v3.8.1, where a hardcoded cryptographic key is used when creating and verifying JSON Web Tokens. This root cause enables attackers to authenticate to the application via specially crafted JWT tokens, as documented across multiple source...

9.8 CVSS · 9.2 AI score · 0.00681 EPSS
Exploits 0 · References 2 · Affected Software 1

Code423n4
added 2023/11/02 12:0 a.m. · 12 views

accrue interest function likely fails to accrue interest for token with low decimal

Lines of code Vulnerability details Impact loss of precision is too high when accruing interest Proof of Concept When interest accrues, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...

7 AI score
Exploits 0

SUSE CVE
added 2023/10/31 2:42 a.m. · 1 view

SUSE CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

5.9 CVSS · 7.7 AI score · 0.01458 EPSS
Exploits 1 · References 2

Code423n4
added 2023/10/30 12:0 a.m. · 3 views

hardcoded route ratio might cause verify route return false continuously instead use >=

Lines of code Vulnerability details Impact hardcoded route ratio might cause verify route to return false continuously the verifyroute in ethenaminting.sol is an if that checks whether the route ratio is 10000 or not and the ratio is going to be somewhere around that but what if it actually up wit...

7 AI score
Exploits 0

OSV
added 2023/10/27 4:15 a.m. · 4 views

CVE-2023-45499

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

9.8 CVSS · 5.8 AI score · 0.07887 EPSS
Exploits 3 · References 4

ATTACKERKB
added 2023/10/27 4:15 a.m. · 3 views

CVE-2023-45499

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

9.8 CVSS · 7.3 AI score · 0.07887 EPSS
Exploits 3 · References 6

NVD
added 2023/10/27 4:15 a.m. · 19 views

CVE-2023-45499

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

9.8 CVSS · 9.6 AI score · 0.07887 EPSS
Exploits 3 · References 4

Prion
added 2023/10/27 4:15 a.m. · 29 views

Hardcoded credentials

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

7.5 CVSS · 9.5 AI score · 0.07887 EPSS
Exploits 3 · References 4 · Affected Software 1