Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-01 | CVE-2017-14376 | Use of Hard-coded Credentials vulnerability in EMC Appsync EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | 7.8 |
2017-10-27 | CVE-2017-15582 | Use of Hard-coded Credentials vulnerability in Writediary Diary With Lock 4.72 In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. | 7.5 |
2017-10-26 | CVE-2017-15909 | Use of Hard-coded Credentials vulnerability in Dlink Dgs-1500 Firmware 2.10.002/2.50.008/2.51.005 D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. | 9.8 |
2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 6.7 |
2017-10-10 | CVE-2017-12860 | Use of Hard-coded Credentials vulnerability in Epson Easymp 2.86 The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. | 9.8 |
2017-09-29 | CVE-2017-12239 | Use of Hard-coded Credentials vulnerability in Cisco IOS XE A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. | 6.8 |
2017-09-26 | CVE-2017-9957 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. | 9.8 |
2017-09-26 | CVE-2017-9956 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. | 7.3 |
2017-09-25 | CVE-2015-4667 | Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 Multiple hardcoded credentials in Xsuite 2.x. | 9.8 |
2017-09-21 | CVE-2017-12928 | Use of Hard-coded Credentials vulnerability in Tecnovision DLX Spot Player4 A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | 9.8 |