7574 matches found
Hardcoded credentials
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for...
CVE-2022-36159
The CVE-2022-36159 issue affects Contec FXA3200 firmware version 1.13 and earlier, where a hard-coded root password stored in /etc/shadow is weak and crackable. An attacker with adjacent access could use this credential to reach the Wireless LAN Manager interface, enable Telnet, sniff traffic, or...
Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential
Discovery / credits: Malvuln, John Page (aka hyp3rlinx), (c) 2022 | Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt | Media: twitter.com/malvuln | Threat: Backdoor.Win32.Bingle.b | Vulnerability: Weak Hardcoded Credentials | Description: The malware...
Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential
Discovery / credits: Malvuln, John Page (aka hyp3rlinx), (c) 2022 | Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt | Media: twitter.com/malvuln | Threat: Backdoor.Win32.Psychward.b | Vulnerability: Weak Hardcoded Credentials | Description: The...
TOTOLINK T6 Trust Management Issue Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK T6 version V4.1.5cu.709B20210518, which stems from a hardcoded password for root in /etc/shadow.sample...
CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
Hardcoded credentials
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...
CVE-2022-35413
WAPPLES Web Application Firewall
PT-2022-22814 · Wapples · Wapples
Name of the Vulnerable Software and Affected Versions: WAPPLES versions through 6.0 Description: A threat actor could use a hardcoded systemi account to access the system configuration and confidential information, such as SSL keys, via an HTTPS request to the "/webapi/" URI on port 443 or 5001...
CVE-2022-37857
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...
Hardcoded credentials
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...
CVE-2022-37857
CVE-2022-37857 affects bilde2910 Hauk v1.6.1, where a hardcoded default password (blank) is hashed but stored in server-side config.php and also in plaintext on the Android client by default. This creates a persistent credential exposure risk that could enable unauthorized access if the default i...
Hardcoded credentials
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...
Hardcoded USD pegs can be broken
Lines of code. Vulnerability details. Description: The prices of USDC and USDT, which I assume are the underlying tokens of cUSDC and cUSDT, have been hardcoded to parity. Such practices are highly discouraged because while the likelihood of either stablecoin de-pegging is low, it is not zero. Becau...
HARDCODED PRICES FOR STABLECOINS
Lines of code. Vulnerability details. Impact: Hardcoded prices of stablecoins may open some arbitrage opportunities and produce many bad loans in CLM. Proof of Concept: Hardcoding the price of cUSDT and cUSDC as 1 may open some arbitrage opportunities when the real price for each token is a little bit...
USE SAME SYMBOL CAN GET FAKED PRICE OF TOKEN
Lines of code. Vulnerability details. Impact: It compares the symbol to identify the token, which can be exploited to produce a fake price for the token. Proof of Concept: An attacker can create a token which is like a cToken and has the symbol cNOTE. When somebody calls the comptroller's liquidateCalculateSeizeTokens, it will give ...