Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2021-09-03 CVE-2021-40494 Use of Hard-coded Credentials vulnerability in Adaptivescale Lxdui
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
network
low complexity
adaptivescale CWE-798
critical
9.8
2021-08-31 CVE-2021-36234 Use of Hard-coded Credentials vulnerability in Unit4 Mik.Starlight 7.9.5.24363
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
local
low complexity
unit4 CWE-798
5.5
2021-08-30 CVE-2021-29728 Use of Hard-coded Credentials vulnerability in IBM products
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
4.9
2021-08-23 CVE-2021-39613 Use of Hard-coded Credentials vulnerability in Dlink Dvg-3104Ms Firmware 1.0.2.0.3/1.0.2.0.4/1.0.2.0.4E
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-23 CVE-2021-39614 Use of Hard-coded Credentials vulnerability in Dlink Dvx-2000Ms Firmware
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-23 CVE-2021-39615 Use of Hard-coded Credentials vulnerability in Dlink Dsr-500N Firmware 1.02
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device.
network
low complexity
dlink CWE-798
critical
9.8
2021-08-23 CVE-2021-39245 Use of Hard-coded Credentials vulnerability in Altus products
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices.
network
low complexity
altus CWE-798
7.5
2021-08-18 CVE-2021-32588 Use of Hard-coded Credentials vulnerability in Fortinet Fortiportal
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
network
low complexity
fortinet CWE-798
critical
9.8
2021-08-11 CVE-2020-25560 Use of Hard-coded Credentials vulnerability in Sapphireims 5.0
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal.
network
low complexity
sapphireims CWE-798
critical
9.8
2021-08-11 CVE-2020-25561 Use of Hard-coded Credentials vulnerability in Sapphireims 5.0
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server.
local
low complexity
sapphireims CWE-798
7.8