Filtered by CWE-798
Total 1328 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-5686 1 Zpanelcp 1 Zpanel 2024-11-21 9.8 Critical
ZPanel 10.0.1 has insufficient entropy for its password reset process.
CVE-2012-4712 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-11-21 N/A
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
CVE-2012-4381 1 Mediawiki 1 Mediawiki 2024-11-21 8.1 High
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
CVE-2012-3503 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more 4 1, Enterprise Linux Server, 1.1 and 1 more 2024-11-21 9.8 Critical
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVE-2012-2166 1 Ibm 8 Xiv Storage System 2810-114, Xiv Storage System 2810-114 Firmware, Xiv Storage System 2810-a14 and 5 more 2024-11-21 N/A
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
CVE-2010-2772 1 Siemens 2 Simatic Pcs 7, Simatic Wincc 2024-11-21 7.8 High
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
CVE-2010-2073 1 Debian 1 Pyftpd 2024-11-21 7.5 High
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
CVE-2010-1573 1 Linksys 2 Wap54g, Wap54g Firmware 2024-11-21 9.8 Critical
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
CVE-2009-5154 1 Mobotix 2 S14, S14 Firmware 2024-11-21 N/A
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
CVE-2008-2369 1 Redhat 2 Network Satellite, Satellite 2024-11-21 9.1 Critical
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
CVE-2008-1160 1 Zyxel 2 Zywall 1050, Zywall 1050 Firmware 2024-11-21 9.8 Critical
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
CVE-2008-0961 1 Emc 1 Diskxtender 2024-11-21 9.8 Critical
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
CVE-2007-1063 1 Cisco 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more 2024-11-21 N/A
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
CVE-2006-7142 1 Utimaco 1 Safeguard 2024-11-21 7.8 High
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
CVE-2006-7074 1 Smartsitecms 1 Smartsitecms 2024-11-21 N/A
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
CVE-2005-3803 1 Cisco 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware 2024-11-21 7.5 High
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.
CVE-2005-3716 1 Utstarcom 2 F1000 Wi-fi, F1000 Wi-fi Firmware 2024-11-21 7.5 High
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.
CVE-2005-0496 1 Arkeia 1 Network Backup 2024-11-20 9.8 Critical
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
CVE-2000-1139 1 Microsoft 1 Exchange Server 2024-11-20 N/A
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
CVE-2024-7295 1 Progress 1 Telerik Report Server 2024-11-18 7.1 High
In ProgressĀ® TelerikĀ® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.