The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Max CVSS: 7.5; EPSS Score: 0.61%; Published: 2001-01-09; Updated: 2020-04-02
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
Max CVSS: 9.8; EPSS Score: 1.50%; Published: 2005-02-21; Updated: 2024-02-13
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.
Max CVSS: 7.5; EPSS Score: 0.28%; Published: 2005-11-21; Updated: 2024-02-13
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.
Max CVSS: 7.5; EPSS Score: 1.25%; Published: 2005-11-24; Updated: 2024-02-13
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
Max CVSS: 7.5; EPSS Score: 1.19%; Published: 2007-03-02; Updated: 2017-07-29
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
Max CVSS: 7.8; EPSS Score: 0.06%; Published: 2007-03-07; Updated: 2024-02-13
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
Max CVSS: 10.0; EPSS Score: 1.20%; Published: 2007-02-22; Updated: 2019-05-23
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
Max CVSS: 10.0; EPSS Score: 1.08%; Published: 2008-04-14; Updated: 2024-02-13

CVE-2008-1160

Public exploit
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
Max CVSS: 9.8; EPSS Score: 18.31%; Published: 2008-03-25; Updated: 2024-02-13
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
Max CVSS: 9.1; EPSS Score: 0.30%; Published: 2008-08-14; Updated: 2024-02-13
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
Max CVSS: 10.0; EPSS Score: 0.79%; Published: 2019-02-09; Updated: 2019-02-13
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Max CVSS: 10.0; EPSS Score: 5.64%; Published: 2010-06-10; Updated: 2024-02-13
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
Max CVSS: 7.5; EPSS Score: 0.26%; Published: 2010-06-16; Updated: 2024-02-13
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
Max CVSS: 7.8; EPSS Score: 0.09%; Published: 2010-07-22; Updated: 2024-02-13
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
Max CVSS: 10.0; EPSS Score: 0.31%; Published: 2018-02-08; Updated: 2018-03-10
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
Max CVSS: 9.8; EPSS Score: 1.50%; Published: 2012-08-25; Updated: 2024-02-13
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
Max CVSS: 9.3; EPSS Score: 1.15%; Published: 2020-02-08; Updated: 2020-02-12
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
Max CVSS: 5.0; EPSS Score: 0.22%; Published: 2013-02-15; Updated: 2022-04-12
ZPanel 10.0.1 has insufficient entropy for its password reset process.
Max CVSS: 9.8; EPSS Score: 0.21%; Published: 2020-02-04; Updated: 2020-02-06
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
Max CVSS: 10.0; EPSS Score: 33.31%; Published: 2020-02-10; Updated: 2020-02-14
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.
Max CVSS: 7.5; EPSS Score: 0.40%; Published: 2020-01-30; Updated: 2020-02-10
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
Max CVSS: 5.3; EPSS Score: 4.20%; Published: 2020-01-28; Updated: 2021-04-26
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
Max CVSS: 7.5; EPSS Score: 86.21%; Published: 2020-01-29; Updated: 2020-02-01
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
Max CVSS: 7.5; EPSS Score: 5.84%; Published: 2020-01-29; Updated: 2020-01-31
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
Max CVSS: 10.0; EPSS Score: 0.62%; Published: 2019-12-11; Updated: 2019-12-19
1174 vulnerabilities found