CWE-798
Use of Hard-coded Credentials
BaseDraftLikelihood: High
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-191 · CAPEC-70
CVEs mapped to this weakness (354)
page 5 of 18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9957 | Cri | 0.64 | 9.8 | 0.00 | Sep 26, 2017 | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | |
| CVE-2017-12928 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | |
| CVE-2017-8772 | Cri | 0.64 | 9.8 | 0.00 | Sep 20, 2017 | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not). | |
| CVE-2017-8771 | Cri | 0.64 | 9.8 | 0.00 | Sep 20, 2017 | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code. | |
| CVE-2017-14421 | Cri | 0.64 | 9.8 | 0.05 | Sep 13, 2017 | D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | |
| CVE-2017-11351 | Cri | 0.64 | 9.8 | 0.00 | Sep 13, 2017 | Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | |
| CVE-2014-8426 | Cri | 0.64 | 9.8 | 0.01 | Aug 28, 2017 | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | |
| CVE-2017-9852 | Cri | 0.64 | 9.8 | 0.00 | Aug 5, 2017 | An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |
| CVE-2017-10818 | Cri | 0.64 | 9.8 | 0.00 | Aug 4, 2017 | MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service. | |
| CVE-2017-11380 | Cri | 0.64 | 9.8 | 0.01 | Aug 1, 2017 | Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1. | |
| CVE-2017-11129 | Cri | 0.64 | 9.8 | 0.00 | Aug 1, 2017 | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. | |
| CVE-2017-11743 | Cri | 0.64 | 9.8 | 0.01 | Jul 31, 2017 | MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts. | |
| CVE-2017-11614 | Cri | 0.64 | 9.8 | 0.00 | Jul 25, 2017 | MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account. | |
| CVE-2017-7336 | Cri | 0.64 | 9.8 | 0.01 | Jul 22, 2017 | A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | |
| CVE-2017-3222 | Cri | 0.64 | 9.8 | 0.06 | Jul 22, 2017 | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | |
| CVE-2017-9932 | Cri | 0.64 | 9.8 | 0.00 | Jul 21, 2017 | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | |
| CVE-2017-11436 | Cri | 0.64 | 9.8 | 0.01 | Jul 19, 2017 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | |
| CVE-2017-4976 | Cri | 0.64 | 9.8 | 0.01 | Jul 9, 2017 | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. | |
| CVE-2017-2236 | Cri | 0.64 | 9.8 | 0.00 | Jul 7, 2017 | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. | |
| CVE-2017-6022 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2017 | A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. |