CWE-798
Use of Hard-coded Credentials
BaseDraftLikelihood: High
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-191 · CAPEC-70
CVEs mapped to this weakness (354)
page 6 of 18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9358 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2017 | A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. | |
| CVE-2016-8731 | Cri | 0.64 | 9.8 | 0.01 | Jun 21, 2017 | Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |
| CVE-2016-0726 | Cri | 0.64 | 9.8 | 0.00 | Jun 6, 2017 | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |
| CVE-2017-6131 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2017 | In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | |
| CVE-2015-2887 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2017 | iBaby M3S has a password of admin for the backdoor admin account. | |
| CVE-2015-2885 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2017 | Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |
| CVE-2015-2882 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2017 | Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |
| CVE-2015-2881 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2017 | Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |
| CVE-2017-7576 | Cri | 0.64 | 9.8 | 0.00 | Apr 6, 2017 | DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. | |
| CVE-2017-7574 | Cri | 0.64 | 9.8 | 0.00 | Apr 6, 2017 | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | |
| CVE-2016-10308 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2017 | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. | |
| CVE-2016-10307 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2017 | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |
| CVE-2016-10306 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2017 | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |
| CVE-2016-10305 | Cri | 0.64 | 9.8 | 0.00 | Mar 30, 2017 | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. | |
| CVE-2017-6403 | Cri | 0.64 | 9.8 | 0.01 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | |
| CVE-2016-8567 | Cri | 0.64 | 9.8 | 0.00 | Feb 13, 2017 | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | |
| CVE-2016-5818 | Cri | 0.64 | 9.8 | 0.00 | Feb 13, 2017 | An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | |
| CVE-2016-8954 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2017 | IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |
| CVE-2017-5600 | Cri | 0.64 | 9.8 | 0.01 | Feb 2, 2017 | The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |
| CVE-2015-2867 | Cri | 0.64 | 9.8 | 0.03 | Jan 6, 2017 | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. |