7573 matches found
CVE-2022-35540
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
CVE-2022-35540
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
Hardcoded credentials
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
CVE-2022-35540
CVE-2022-35540 concerns AgileConfig prior to 1.6.8 where a hard-coded JWT secret in the server enables remote attackers to forge a token and gain administrator access. The issue, documented across multiple sources (Red Hat, GHSA, OSV, NVD), attributes the root cause to an inline secret, allowing ...
PT-2022-22898 · Unknown · Agileconfig
Name of the Vulnerable Software and Affected Versions: AgileConfig versions prior to 1.6.8 Description: The issue allows remote attackers to gain administrator access by utilizing a hardcoded JWT Secret in the AgileConfig Server. This can be achieved by using the generated JWT token...
Hardcoded credentials
Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed CVE-2022-26134. More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Hardcoded credentials
'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Vulnerability Management news and publications #2
Hello everyone! This is the second episode of Vulnerability Management news and publications. In fact, this is a collection of my posts from the avleonovcom and avleonovrus telegram channels. Therefore, if you want to read them earlier, subscribe to these channels. The main idea of this episode...
CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
Hardcoded credentials
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
CVE-2022-35491
CVE-2022-35491 affects TOTOLINK A3002RU V3.0.0-B20220304.1804, with a hardcoded root password stored in /etc/shadow.sample. This is corroborated by multiple connected sources (NVD entry, Red Hat advisory, CNNVD, PRION) and confirms a high-severity issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H...
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
Hardcoded credentials
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
Atlassian Questions for Confluence App Hardcoded Credentials (CVE-2022-26138)
A hardcoded credentials vulnerability exists in Atlassian Questions for Confluence App. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
PT-2022-11443 · Goahead · Goahead Web Server
Name of the Vulnerable Software and Affected Versions: GoAhead WebServer version 2.1.8 Description: The issue arises from insufficient nonce entropy in the websda.c file of GoAhead WebServer. This is due to the nonce calculation relying on a hardcoded value, onceuponatimeinparadise, which does no...