7555 matches found
keycloak: keycloak uses hardcoded open dummy domain for new accounts enabling information disclosure
A flaw was found in Keycloak. The use of an open hard-coded domain can allow an unauthorized login by setting up a mail server and resetting the user credentials, enabling information disclosure...
Hardcoded credentials
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system...
Hardcoded credentials
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account with a hard-coded password in the web administration interface, with administrator privileges. Anybody can log in with this account...
CVE-2019-19021
TitanHQ WebTitan before 5.18 is affected by an authentication flaw involving a hidden, hard-coded administrator account. The issue enables anyone to log in with this account and obtain administrator privileges through the web administration interface. Root cause details are not elaborated beyond ...
Hardcoded credentials
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded...
Hardcoded credentials
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page...
Hardcoded credentials
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page...
Fortinet FortiClient < 6.2.2 Information Disclosure MitM (FG-IR-18-100) (macOS)
The remote macOS host is running a version of Fortinet FortiClient prior to 6.2.2. It is, therefore, affected by an information disclosure man-in-the-middle vulnerability in the FortiGuard services communication protocol due to the use of a hardcoded cryptographic key. A remote attacker with...
CVE-2019-19033
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...
Hardcoded credentials
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...
Hardcoded credentials
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2018-9195
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...