Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2016-08-31 CVE-2016-5333 Use of Hard-coded Credentials vulnerability in VMWare Photon OS 1.0
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
network
low complexity
vmware CWE-798
critical
9.8
2016-08-24 CVE-2016-5081 Use of Hard-coded Credentials vulnerability in Zmodo Zp-Ibh-13W and Zp-Ne-14-S
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
network
low complexity
zmodo CWE-798
critical
9.8
2016-06-09 CVE-2016-2310 Use of Hard-coded Credentials vulnerability in GE Multilink Firmware 5.4.1/5.5.0
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
network
low complexity
ge CWE-798
critical
9.8
2012-08-25 CVE-2012-3503 Use of Hard-coded Credentials vulnerability in multiple products
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
network
low complexity
theforeman redhat CWE-798
critical
9.8
2010-07-22 CVE-2010-2772 Use of Hard-coded Credentials vulnerability in Siemens Simatic PCS 7 and Simatic Wincc
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
local
low complexity
siemens CWE-798
7.8
2010-06-16 CVE-2010-2073 Use of Hard-coded Credentials vulnerability in Debian Pyftpd 0.8.4
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
network
low complexity
debian CWE-798
7.5
2010-06-10 CVE-2010-1573 Use of Hard-coded Credentials vulnerability in Linksys Wap54G Firmware
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
network
low complexity
linksys CWE-798
critical
9.8
2008-08-14 CVE-2008-2369 Use of Hard-coded Credentials vulnerability in Redhat Satellite
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
network
low complexity
redhat CWE-798
critical
9.1
2008-04-14 CVE-2008-0961 Use of Hard-coded Credentials vulnerability in EMC Diskxtender 6.20.060
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
network
low complexity
emc CWE-798
critical
9.8
2008-03-25 CVE-2008-1160 Use of Hard-coded Credentials vulnerability in Zyxel Zywall 1050 Firmware
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
network
low complexity
zyxel CWE-798
critical
9.8