Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
High
AudioCodes VoIP Phones Hardcoded Key
16.08.2023
Moritz Abrell
High
Cellebrite EPR Decryption Hardcoded AES Key Material
01.07.2020
Matthew Bergin
Low
Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys
15.04.2020
Matthew Bergin
Med.
WolfVision Cynap 1.18g / 1.28j Hardcoded Credential
05.07.2019
Gerhard Klostermeier
Med.
MensaMax 4.3 Hardcoded Encryption Key Disclosure
02.10.2018
Stefan Pietsch
Med.
Riverbed RiOS Insecure Cryptographic Storage
14.02.2017
Jean-Christophe Baptis...
High
Checkmarx CxQL 7.1.5 Sandbox Bypass
04.09.2015
Huy-Ngoc DAU
Med.
Avaya one-X Agent 2.5 SP2 Cryptography Issues
04.09.2015
Sven Freund
Med.
Netop Remote Control 11.52 / 12.11 Credential Issue
25.08.2015
Matthias Deeg
High
SAP Mobile Platform DataVault Predictable Encryption Password
13.08.2015
Fernando Russ
Med.
FrontRange DSM 7.2.2.2331 Multiple Vulns
30.04.2015
Matthias Deeg
CVEMAP Search Results
CVE
Details
Description
2024-03-13
CVE-2024-2413
Updating...
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.
2024-02-27
CVE-2024-1920
Updating...
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.
2024-02-06
CVE-2024-1258
Updating...
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.
2023-10-31
CVE-2023-46129
Updating...
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.
2023-10-25
CVE-2023-42492
Updating...
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
2023-08-31
CVE-2023-3404
Updating...
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it possible for authenticated attackers, with administrator-level permissions or above to decrypt and view users' passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users' passwords.
2023-08-24
CVE-2023-32077
Updating...
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.
2023-08-09
CVE-2023-3632
Updating...
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.
2023-07-26
CVE-2023-3947
Updating...
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
2023-07-18
CVE-2023-35763
Updating...
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
Copyright
2024
, cxsecurity.com
Back to Top
