Pearson ProctorCache Hardcoded Credentials Security Bypass Vulnerability

Pearson ProctorCache is a server software package from Pearson USA that is installed on a Windows system on a local LAN. A security vulnerability exists in Pearson ProctorCache versions prior to 2015.1.17 that stems from the program using the same hardcoded password during installation for...

CVE-2015-0972

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service test disruption by leveraging knowledge of this password...

Hardcoded credentials

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service test disruption by leveraging knowledge of this password...

CVE-2015-0972

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service test disruption by leveraging knowledge of this password...

CVE-2015-0972

Pearson ProctorCache (server software installed on Windows, local LAN) prior to version 2015.1.17 is vulnerable due to a hard-coded administrative password that is not unique per installation. This allows an attacker with knowledge of the credential to remotely modify test metadata or disrupt tes...

Hardcoded credentials

N-Tron 702-W Industrial Wireless Access Point devices use the same 1 SSH and 2 HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key...

Hardcoded credentials

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to 1 obtain sensitive information by sniffing the network and 2 obtain access to the device by encrypting messages...

CVE-2015-4080

CVE-2015-4080 affects the Kankun Smart Socket device and its mobile app. The vulnerability stems from a hardcoded AES-256 key used to encrypt communications, enabling remote attackers on the local network to sniff traffic and potentially encrypt messages to gain access to the device. Public sourc...

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

CVE-2015-2998

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...

CVE-2015-2998

SysAid Help Desk (before version 15.2) is affected by CVE-2015-2998 due to a hardcoded encryption key used to encrypt sensitive data. The vulnerability allows remote attackers to obtain sensitive information by decrypting the database password stored in WEB-INF/conf/serverConf.xml, as demonstrate...

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

CVE-2015-3001

SysAid Help Desk (SysAid Help Desk before 15.2) is affected by multiple vulnerabilities including CVE-2015-3001 (use of a hard-coded sa password: Password1) and CVE-2015-2993 (administrator account creation). The issues enable bypass of access restrictions and potential remote compromise; some en...

Kankun Smart Socket / Mobile App Hardcoded AES Key

Hi List, Vulnerability ============= Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App Vulnerability Description ========================== The kankun smart socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between th...

Hardcoded credentials

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document...

Hardcoded credentials

ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets...

Hardcoded credentials

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandboxlinux/naclsandboxlinux.cc in Google Chrome before 42.0.2311.90 does not have RLIMITAS and RLIMITDATA limits for Native Client aka NaCl processes, which might make it easier for remote attackers to conduct...

Hardcoded credentials

Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface BVI traffic, which allows remote attackers to cause a denial of service chip and card hangs and reloads by triggering use of a BVI interface...