Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-26219 | Use of Hard-coded Credentials vulnerability in Tibco products The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. | 8.8 |
| 2023-10-25 | CVE-2023-31581 | Use of Hard-coded Credentials vulnerability in Dromara Sureness Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | 9.8 |
| 2023-10-25 | CVE-2023-41372 | Use of Hard-coded Credentials vulnerability in Boschrexroth products The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair | 7.8 |
| 2023-10-25 | CVE-2023-42492 | Use of Hard-coded Credentials vulnerability in Busbaer Eisbaer Scada EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | 9.8 |
| 2023-10-25 | CVE-2023-46102 | Use of Hard-coded Credentials vulnerability in Boschrexroth products The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | 8.8 |
| 2023-10-23 | CVE-2022-22466 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-17 | CVE-2023-41713 | Use of Hard-coded Credentials vulnerability in Sonicwall Sonicos SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | 7.5 |
| 2023-10-16 | CVE-2023-33836 | Use of Hard-coded Credentials vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2023-10-11 | CVE-2023-45194 | Use of Hard-coded Credentials vulnerability in MRL products Use of default credentials vulnerability in MR-GM2 firmware Ver. | 4.3 |
| 2023-10-10 | CVE-2023-30801 | Use of Hard-coded Credentials vulnerability in Qbittorrent All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. | 9.8 |