7572 matches found
CVE-2023-44318
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
CVE-2023-44318
CVE-2023-44318 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., SCALANCE XB205-3, M-series, S615, RM1224, etc.) where a hard-coded cryptographic key obfuscates configuration backups. This allows an authenticated admin or someone with a backup to extract configuration information from the exp...
PT-2023-6990 · Siemens · Scalance Xb205-3
Name of the Vulnerable Software and Affected Versions: SCALANCE XB205-3 SC, PN versions prior to V4.5 SCALANCE XB205-3 ST, E/IP versions prior to V4.5 Description: The issue is related to the use of a hardcoded cryptographic key in the software of industrial switches. This could allow a remote...
EnBw SENEC Legacy Storage Box Hardcoded Credentials
Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...
VulnCheck KEV: CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
Hardcoded credentials
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...
Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory. - A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. A...
Use Of Hardcoded Cryptographic Key
lamp-core and lamp-util are vulnerable to hard coded credential vulnerability. The vulnerability is due to usage of a hardcoded cryptographic key while creating and verifying a JWT token.The vulnerability allows an attacker to authenticate to the application via a specially crafted token...
CVE-2023-31579
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...
Hardcoded credentials
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...
CVE-2023-31579
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...
PT-2023-23394 · Dromara · Dromara Lamp-Cloud
Name of the Vulnerable Software and Affected Versions: Dromara Lamp-Cloud versions prior to 3.8.1 Description: The issue is related to the use of a hardcoded cryptographic key when creating and verifying a Json Web Token. This allows attackers to authenticate to the application via a crafted JWT...
CVE-2023-31579
The CVE-2023-31579 issue affects Dromara Lamp-Cloud prior to v3.8.1, where a hardcoded cryptographic key is used when creating and verifying JSON Web Tokens. This root cause enables attackers to authenticate to the application via specially crafted JWT tokens, as documented across multiple source...
accure interest function is likely failed to accure interest for token with low decimal
Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...
SUSE CVE-2017-7537
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...
hardcoded route ratio might hcause verify route return false continously instead use >=
Lines of code Vulnerability details Impact hardcoded rout ratio might cause verify route to return false continuously the verifyroute in ethenaminting.sol is an if that checks whether the route ratio is 10000 or not and the ratio is going to be somewhere around that but what if it actually up wit...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
Hardcoded credentials
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...