Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-33484 Use of Hard-coded Credentials vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8.
network
low complexity
onyaktech-comments-pro-project CWE-798
5.0
2021-09-03 CVE-2021-40494 Use of Hard-coded Credentials vulnerability in Adaptivescale Lxdui
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
network
low complexity
adaptivescale CWE-798
critical
10.0
2021-08-31 CVE-2021-36234 Use of Hard-coded Credentials vulnerability in Unit4 Mik.Starlight 7.9.5.24363
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
local
low complexity
unit4 CWE-798
2.1
2021-08-31 CVE-2021-34565 Use of Hard-coded Credentials vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
network
low complexity
pepperl-fuchs CWE-798
7.5
2021-08-30 CVE-2021-29728 Use of Hard-coded Credentials vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
4.0
2021-08-23 CVE-2021-39613 Use of Hard-coded Credentials vulnerability in Dlink Dvg-3104Ms Firmware 1.0.2.0.3/1.0.2.0.4/1.0.2.0.4E
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
5.0
2021-08-23 CVE-2021-39614 Use of Hard-coded Credentials vulnerability in Dlink Dvx-2000Ms Firmware
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
5.0
2021-08-23 CVE-2021-39615 Use of Hard-coded Credentials vulnerability in Dlink Dsr-500N Firmware 1.02
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device.
network
low complexity
dlink CWE-798
critical
10.0
2021-08-23 CVE-2021-39245 Use of Hard-coded Credentials vulnerability in Altus products
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices.
network
low complexity
altus CWE-798
5.0
2021-08-18 CVE-2021-32588 Use of Hard-coded Credentials vulnerability in Fortinet Fortiportal
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
network
low complexity
fortinet CWE-798
critical
10.0