Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2017-11-01 CVE-2017-14376 Use of Hard-coded Credentials vulnerability in EMC Appsync
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
local
low complexity
emc CWE-798
7.8
2017-10-27 CVE-2017-15582 Use of Hard-coded Credentials vulnerability in Writediary Diary With Lock 4.72
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
network
low complexity
writediary CWE-798
7.5
2017-10-26 CVE-2017-15909 Use of Hard-coded Credentials vulnerability in Dlink Dgs-1500 Firmware 2.10.002/2.50.008/2.51.005
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
network
low complexity
dlink CWE-798
critical
9.8
2017-10-22 CVE-2017-12317 Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software.
local
low complexity
cisco CWE-798
6.7
2017-10-10 CVE-2017-12860 Use of Hard-coded Credentials vulnerability in Epson Easymp 2.86
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices.
network
low complexity
epson CWE-798
critical
9.8
2017-09-29 CVE-2017-12239 Use of Hard-coded Credentials vulnerability in Cisco IOS XE
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system.
low complexity
cisco CWE-798
6.8
2017-09-26 CVE-2017-9957 Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password.
network
low complexity
schneider-electric CWE-798
critical
9.8
2017-09-26 CVE-2017-9956 Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session.
network
low complexity
schneider-electric CWE-798
7.3
2017-09-25 CVE-2015-4667 Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
Multiple hardcoded credentials in Xsuite 2.x.
network
low complexity
xceedium CWE-798
critical
9.8
2017-09-21 CVE-2017-12928 Use of Hard-coded Credentials vulnerability in Tecnovision DLX Spot Player4
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
network
low complexity
tecnovision CWE-798
critical
9.8