CVE-2018-21137

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76...

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

Hardcoded credentials

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

CVE-2019-6859

The CVE-2019-6859 entry concerns Modicon Controllers with hardcoded FTP credentials exposed via the controller Web server on unsecure networks (CWE-798). Affected scope includes Modicon Controllers across all CPUs and Communication Module references listed in Security Notifications. Root cause is...

Pillaging AWS ECS Task Definitions for Hardcoded Secrets

The post Pillaging AWS ECS Task Definitions for Hardcoded Secrets appeared first on Rhino Security Labs...

Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption

Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Date: 2020-04-20 Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible...

PT-2020-6094 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings version 4.6.11 Description: The issue is related to the airhost.exe executable file in Zoom Client for Meetings, which uses a hardcoded registration data with the SHA-256 hashing algorithm. This could allow a remote...

CVE-2019-20656

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before...

CVE-2019-20656

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before...

Hardcoded credentials

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before...

CVE-2019-20656

The CVE-2019-20656 issue is a Hardcoded password vulnerability affecting multiple NETGEAR devices (D6200 < 1.1.00.36; D7000 < 1.0.1.74; PR2000 < 1.0.0.30; R6020 < 1.0.0.42; R6080 < 1.0.0.42; R6050 < 1.0.1.24; JR6150 < 1.0.1.24; R6120 < 1.0.0.48; R6220 < 1.1.0.86; R6230 ...

CVE-2019-20656

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before...

Hardcoded credentials

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

CVE-2020-11723

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...

Hardcoded credentials

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...

Hardcoded credentials

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a...

Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys

KL-001-2020-001 : Cellebrite Hardcoded ADB Authentication Keys Title: Cellebrite Hardcoded ADB Authentication Keys Advisory ID: KL-001-2020-001 Publication Date: 2020.04.13 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2020-001.txt 1. Vulnerability Details Affected Vendor...

Cellebrite Hardcoded ADB Authentication Keys

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.29 Platform: Embedded Windows CWE Classification: CWE-321: Use of hardcoded cryptographic keys CVE ID: CVE-2020-11723 2. Vulnerability Description Cellebrite UFED uses four hardcoded RSA private...

CVE-2020-1614 NFX250 Series: Hardcoded credentials in the vSRX VNF instance.

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function VNF instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service e.g. SSH on the VNF, either locally, or...