Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-40719 | Use of Hard-coded Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | 5.5 |
| 2023-11-14 | CVE-2023-33304 | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | 5.5 |
| 2023-11-10 | CVE-2023-47800 | Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 9.8 |
| 2023-11-09 | CVE-2023-41137 | Use of Hard-coded Credentials vulnerability in Appsanywhere Client Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | 9.8 |
| 2023-11-06 | CVE-2023-5777 | Use of Hard-coded Credentials vulnerability in Weintek Easybuilder PRO Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | 9.8 |
| 2023-11-02 | CVE-2023-31579 | Use of Hard-coded Credentials vulnerability in Tangyh Lamp-Cloud Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. | 9.8 |
| 2023-10-27 | CVE-2023-45499 | Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery 6.5.0.17561 VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | 9.8 |
| 2023-10-26 | CVE-2018-17558 | Use of Hard-coded Credentials vulnerability in Abus products Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | 9.8 |
| 2023-10-25 | CVE-2023-26219 | Use of Hard-coded Credentials vulnerability in Tibco products The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. | 8.8 |
| 2023-10-25 | CVE-2023-31581 | Use of Hard-coded Credentials vulnerability in Dromara Sureness Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | 9.8 |