7562 matches found
Hardcoded seed phrase in sherlock-v2-core repo
Handle: cryptphi. Vulnerability details. Impact: The hardcoded mnemonic can lead to account compromise. Proof of Concept: There exist hardcoded credentials in line. These credentials can be used to take over the wallet address used. Tools Used: GitHub. Recommended Mitigation Steps: Avoid hardcoding...
CVE-2022-22928
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code...
CVE-2022-22928
CVE-2022-22928 concerns MingSoft MCMS v5.2.4, where a hardcoded Shiro key is the root cause. This enables attackers to exploit the key and execute arbitrary code. Available references from NVD and vendor CNVD/Red Hat entries corroborate a remote, unauthenticated impact with high to critical sever...
Hardcoded credentials
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, the API key for an external service may be obtained by analyzing data in the app...
CVE-2022-0131
CVE-2022-0131 affects Jimoty App for Android prior to version 3.7.42, where a hard-coded API key for an external service is embedded in the app. The root cause is credential leakage from static API keys, enabling an attacker with local access to extract the key by analyzing the app’s data. Report...
Hardcoded credentials
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...
Hardcoded credentials
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...
Siemens SICAM A8000 Hardcoded Voucher Vulnerability
The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...
Hardcoded credentials
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
Weak Encryption
session-file-store is vulnerable to a weak encryption implementation. The encryption library uses a hardcoded key as the cipher, bypassing the point of encrypting the files to begin with. A malicious user can decrypt and get access...
CVE-2021-45458
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
Hardcoded credentials
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-45458 Hardcoded credentials
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-45458
Apache Kylin’s PasswordPlaceholderConfigurer uses a cipher initialized with a hardcoded key and IV, risking decryption of passwords stored in configuration. Affected: Kylin 2.x ≤ 2.6.6; 3.x ≤ 3.1.2; 4.x ≤ 4.0.0. Impact: potential password exposure. Remediation/fix details are not provided in the ...
PT-2022-12364 · Apache · Apache Kylin
Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.6.6 and prior Apache Kylin versions 3.1.2 and prior Apache Kylin versions 4.0.0 and prior Description: Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In th...
CVE-2021-45913
A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...
Hardcoded credentials
A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...