Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-11-02 CVE-2023-31579 Use of Hard-coded Credentials vulnerability in Tangyh Lamp-Cloud
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token.
network
low complexity
tangyh CWE-798
critical
9.8
2023-10-27 CVE-2023-45499 Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
network
low complexity
vinchin CWE-798
critical
9.8
2023-10-26 CVE-2018-17558 Use of Hard-coded Credentials vulnerability in Abus products
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
network
low complexity
abus CWE-798
critical
9.8
2023-10-25 CVE-2023-26219 Use of Hard-coded Credentials vulnerability in Tibco products
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers.
network
low complexity
tibco CWE-798
8.8
2023-10-25 CVE-2023-31581 Use of Hard-coded Credentials vulnerability in Dromara Sureness
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
network
low complexity
dromara CWE-798
critical
9.8
2023-10-25 CVE-2023-41372 Use of Hard-coded Credentials vulnerability in Boschrexroth products
The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair.
local
low complexity
boschrexroth CWE-798
7.8
2023-10-25 CVE-2023-42492 Use of Hard-coded Credentials vulnerability in Busbaer Eisbaer Scada 3.0.6433.1964
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
network
low complexity
busbaer CWE-798
critical
9.8
2023-10-25 CVE-2023-46102 Use of Hard-coded Credentials vulnerability in Boschrexroth products
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement remote management of the device is encrypted with a hard-coded DES symmetric key, which can be retrieved by reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet as the device to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
low complexity
boschrexroth CWE-798
8.8
2023-10-23 CVE-2022-22466 Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2023-10-17 CVE-2023-41713 Use of Hard-coded Credentials vulnerability in Sonicwall Sonicos
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
network
low complexity
sonicwall CWE-798
7.5