8 matches found
EUVD-2026-17029
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outsi...
GHSA-7H7G-X2PX-94HJ OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
How Exposed Endpoints Increase Risk Across LLM Infrastructure
As more organizations run their own Large Language Models LLMs, they are also deploying more internal services and Application Programming Interfaces APIs to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that...
CVE-2025-48929
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...
VulnCheck KEV: CVE-2025-48929
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...
PT-2025-23112 · Unknown · Telemessage
Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the implementation of authentication through a long-lived credential in the TeleMessage service, which can be reused if discovered by an adversary. This has been exploited...