Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-12 | CVE-2019-10694 | Use of Hard-coded Credentials vulnerability in Puppet Enterprise The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. | 9.8 |
| 2019-12-11 | CVE-2019-3983 | Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 6.8 |
| 2019-12-11 | CVE-2013-3542 | Use of Hard-coded Credentials vulnerability in Grandstream products Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |
| 2019-12-02 | CVE-2019-19021 | Use of Hard-coded Credentials vulnerability in Titanhq Webtitan An issue was discovered in TitanHQ WebTitan before 5.18. | 9.8 |
| 2019-12-02 | CVE-2019-19017 | Use of Hard-coded Credentials vulnerability in Titanhq Webtitan An issue was discovered in TitanHQ WebTitan before 5.18. | 8.1 |
| 2019-12-02 | CVE-2019-19492 | Use of Hard-coded Credentials vulnerability in Freeswitch FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. | 9.8 |
| 2019-11-21 | CVE-2019-19033 | Use of Hard-coded Credentials vulnerability in Jalios Jcms 10.0 Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. | 9.8 |
| 2019-11-21 | CVE-2019-6693 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. | 6.5 |
| 2019-11-21 | CVE-2018-9195 | Use of Hard-coded Credentials vulnerability in Fortinet Fortios Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. | 5.9 |
| 2019-11-14 | CVE-2019-15802 | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.9 |