Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-36647 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | 7.5 |
2023-12-12 | CVE-2023-36651 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | 7.2 |
2023-12-07 | CVE-2023-33413 | Use of Hard-coded Credentials vulnerability in Supermicro products The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | 8.8 |
2023-12-07 | CVE-2023-40300 | Use of Hard-coded Credentials vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0 NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | 9.8 |
2023-12-05 | CVE-2023-6448 | Use of Hard-coded Credentials vulnerability in Unitronics products Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. | 9.8 |
2023-12-04 | CVE-2023-40463 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | 7.2 |
2023-12-04 | CVE-2023-40464 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. | 6.8 |
2023-12-01 | CVE-2023-28895 | Use of Hard-coded Credentials vulnerability in Preh Mib3 Firmware The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. | 6.8 |
2023-11-29 | CVE-2023-23324 | Use of Hard-coded Credentials vulnerability in Zumtobel Netlink CCD Firmware 3.80 Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | 9.8 |
2023-11-28 | CVE-2023-29064 | Use of Hard-coded Credentials vulnerability in BD Facschorus The FACSChorus software contains sensitive information stored in plaintext. | 4.3 |