Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-33484 | Use of Hard-coded Credentials vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8 An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. | 5.0 |
| 2021-09-03 | CVE-2021-40494 | Use of Hard-coded Credentials vulnerability in Adaptivescale Lxdui A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. | 10.0 |
| 2021-08-31 | CVE-2021-36234 | Use of Hard-coded Credentials vulnerability in Unit4 Mik.Starlight 7.9.5.24363 Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. | 2.1 |
| 2021-08-31 | CVE-2021-34565 | Use of Hard-coded Credentials vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | 7.5 |
| 2021-08-30 | CVE-2021-29728 | Use of Hard-coded Credentials vulnerability in IBM products IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 4.0 |
| 2021-08-23 | CVE-2021-39613 | Use of Hard-coded Credentials vulnerability in Dlink Dvg-3104Ms Firmware 1.0.2.0.3/1.0.2.0.4/1.0.2.0.4E ** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. | 5.0 |
| 2021-08-23 | CVE-2021-39614 | Use of Hard-coded Credentials vulnerability in Dlink Dvx-2000Ms Firmware D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. | 5.0 |
| 2021-08-23 | CVE-2021-39615 | Use of Hard-coded Credentials vulnerability in Dlink Dsr-500N Firmware 1.02 ** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. | 10.0 |
| 2021-08-23 | CVE-2021-39245 | Use of Hard-coded Credentials vulnerability in Altus products Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. | 5.0 |
| 2021-08-18 | CVE-2021-32588 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiportal A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password. | 10.0 |