Hardcoded credentials

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges...

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability

Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...

Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

...

Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fc8eaa2a5752b509dbd02989d8d9f2e2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Matiteman Vulnerability: Weak Hardcoded Password Description: The malware listens...

Backdoor.Win32.WinShell.50 Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8170928cd3e0f1a79b9d40ae19a4d217.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...

Backdoor.Win32.WinShell.50 Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0faecbdfccf3144d487971ed47f3665c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...

The vulnerability of the EyesOfNetwork (EON) monitoring software, related to the use of pre-installed credentials, allows a perpetrator to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the EyesOfNetwork EON monitoring software lies in the use of the hardcoded EONAPIKEY key by default. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information and enhance their privileges...

Hardcoded credentials

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.reboot, factory reset, snapshot etc...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

Backdoor.Win32.Wollf.a Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/52d1341f73c34ba2638581469120b68a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.a Vulnerability: Weak Hardcoded Password Description: The malware listens on TC...

Backdoor.Win32.Wollf.h Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5494b78dcfaf16aa43b5dbd563dc5582.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Hardcoded Cleartext Password Description: The malware listens ...

Hardcoded credentials

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or...

Hardcoded credentials

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data...

Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

Airangel Hsmx Gateway Hardcoded Credentials Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK, Inc. A hard-coded credential vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from the use of PostgreSQL database credentials hard-coded in the configuration file. An attacker could steal this credential t...

Hardcoded credentials

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker...

Hardcoded credentials

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

Hardcoded credentials

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials...

Hardcoded credentials

DISPUTED KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store...