Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-16158 | Use of Hard-coded Credentials vulnerability in Eaton products Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | 9.8 |
| 2018-08-29 | CVE-2018-12240 | Use of Hard-coded Credentials vulnerability in Symantec Norton Password Manager The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | 5.9 |
| 2018-08-24 | CVE-2017-9821 | Use of Hard-coded Credentials vulnerability in Npci Bharat Interface for Money (Bhim) 1.3 The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication. | 9.8 |
| 2018-08-24 | CVE-2017-12577 | Use of Hard-coded Credentials vulnerability in Planex Cs-Qr20 Firmware and Smacam Night Vision An issue was discovered on the PLANEX CS-QR20 1.30. | 9.8 |
| 2018-08-24 | CVE-2017-12574 | Use of Hard-coded Credentials vulnerability in Planex Cs-W50Hd Firmware 030608/030715/030718 An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. | 9.8 |
| 2018-08-23 | CVE-2018-15808 | Use of Hard-coded Credentials vulnerability in Posim EVO 15.13 POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. | 9.8 |
| 2018-08-22 | CVE-2018-14801 | Use of Hard-coded Credentials vulnerability in Philips products In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | 6.2 |
| 2018-08-17 | CVE-2018-15360 | Use of Hard-coded Credentials vulnerability in Eltex Esp-200 Firmware 1.2.0 An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | 7.3 |
| 2018-08-16 | CVE-2018-11509 | Use of Hard-coded Credentials vulnerability in Asustor Data Master 3.1.0 ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. | 9.8 |
| 2018-08-15 | CVE-2017-13108 | Use of Hard-coded Credentials vulnerability in Psafe Dfndr Security 5.0.9 DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. | 7.5 |