Lucene search

7553 matches found

Prion
added 2017/07/22 9:29 p.m. | 16 views

Hardcoded credentials

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.02464
Exploits: 0 | References: 2 | Affected Software: 1

hackapp
added 2017/07/22 3:54 p.m. | 11 views

BharatMatrimony - Matrimonial - Customized SSL, Hardcoded secrets, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application BharatMatrimony - Matrimonial published at the 'play' market has multiple vulnerabilities...

AI score: 0.8
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2017/07/21 10:48 a.m. | 23 views

CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

CVSS: 7.5 | AI score: 3.6 | EPSS: 0.01458
Exploits: 1 | References: 1

OpenVAS
added 2017/07/18 12:00 a.m. | 12 views

AGFEO SmartHome Multiple Vulnerabilities

AGFEO SmartHome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:agfeo:smarthome"; if...

AI score: 7.3
Exploits: 0 | References: 1

Prion
added 2017/07/17 1:18 p.m. | 17 views

Hardcoded credentials

The Integrated User Firewall UserFW feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...

CVSS: 10 | AI score: 9.7 | EPSS: 0.02697
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/07/17 1:18 p.m. | 14 views

Hardcoded credentials

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00546
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2017/07/14 2:00 p.m. | 23 views

CVE-2017-2343 SRX Series: Hardcoded credentials in Integrated UserFW feature.

The Integrated User Firewall UserFW feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02697
Exploits: 0 | References: 2

CVE
added 2017/07/14 2:00 p.m. | 58 views

CVE-2017-2343

CVE-2017-2343 affects Juniper Junos SRX Series with the Integrated User Firewall (UserFW) authentication API. The root cause is hardcoded credentials in UserFW, enabling an unauthenticated, remote attacker to potentially gain administrative access to the SRX device and compromise connected servic...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02697
Exploits: 0 | References: 2 | Affected Software: 1

rapid7community
added 2017/07/13 2:49 p.m. | 158 views

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application...

CVSS: 5 | AI score: 5.8 | EPSS: 0.02096
Exploits: 0

0day.today
added 2017/07/13 12:00 a.m. | 72 views

AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials Vulnerabilities

AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffers from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities. title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vulnerable version: at least 1.9b, 1.10 fixe...

AI score: 7.2
Exploits: 0

OpenVAS
added 2017/07/13 12:00 a.m. | 22 views

Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability

Junos OS on SRX series contain hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

CVSS: 10 | AI score: 8.7 | EPSS: 0.02697
Exploits: 0 | References: 1

Packet Storm
added 2017/07/12 12:00 a.m. | 74 views

AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vulnerable version: at least 1.9b, 1.10 fixed version: 1.12c CVE number: -...

AI score: 0.5
Exploits: 0

hackapp
added 2017/07/08 6:28 p.m. | 17 views

Privat24 - Customized SSL, Hardcoded secrets, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Privat24 published at the 'play' market has multiple vulnerabilities...

AI score: 0.3
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2017/07/07 4:42 p.m. | 21 views

Zomato: [█████████] Hardcoded credentials in Android App

Authorization credentials for one of our development environments were hard coded in our Android App. We changed it as soon as this was reported. Thanks @gerbenjavado for reporting this. After decompiling the Zomato app I found basic HTTP credentials in the app. This sort of happened on accident...

AI score: 0.2
Exploits: 0

Prion
added 2017/07/07 1:29 p.m. | 16 views

Hardcoded credentials

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.0142
Exploits: 0 | References: 1 | Affected Software: 2

Packet Storm
added 2017/07/07 12:00 a.m. | 76 views

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials Title: Solarwinds LEM Hardcoded Credentials Advisory ID: KL-001-2017-015 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt 1. Vulnerability Details Affected Vendor: Solarwinds...

AI score: 7.4
Exploits: 0

OpenVAS
added 2017/07/07 12:00 a.m. | 14 views

SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 5 Hardcoded Credentials Vulnerability

SolarWinds Log and Event Manager LEM is prone to a hardcoded credentials vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 7.3
Exploits: 0 | References: 2

KoreLogic Security
added 2017/07/06 12:00 a.m. | 15 views

Solarwinds LEM Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Unintended Access Attack vector: Local 2. Vulnerability Description The...

AI score: 7.1
Exploits: 0 | Affected Software: 1

Prion
added 2017/06/30 3:29 a.m. | 14 views

Hardcoded credentials

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520,...

CVSS: 10 | AI score: 7 | EPSS: 0.02126
Exploits: 0 | References: 2 | Affected Software: 1

Fortinet
added 2017/06/30 12:00 a.m. | 24 views

FortiWLM upgrade user account hard-coded credentials

FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raisin...

CVSS: 7.5 | AI score: 4.4 | EPSS: 0.02464
Exploits: 0 | Affected Software: 1