CWE-1392
AllowedUse of Default Credentials
Abstraction: Base · Status: Incomplete
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
191 vulnerabilities reference this CWE, most recent first.
GHSA-5RWM-3CC7-8WM8
Vulnerability from github – Published: 2025-04-22 06:30 – Updated: 2025-04-22 06:30Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
{
"affected": [],
"aliases": [
"CVE-2024-46899"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T05:15:30Z",
"severity": "HIGH"
},
"details": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.",
"id": "GHSA-5rwm-3cc7-8wm8",
"modified": "2025-04-22T06:30:29Z",
"published": "2025-04-22T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46899"
},
{
"type": "WEB",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-111/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VH9-RP4F-879M
Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.
The attacker must have network access to the Broker VM to exploit this issue.
{
"affected": [],
"aliases": [
"CVE-2025-2184"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T17:15:27Z",
"severity": "MODERATE"
},
"details": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue.",
"id": "GHSA-5vh9-rp4f-879m",
"modified": "2025-08-13T18:31:24Z",
"published": "2025-08-13T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2184"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-2184"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-682G-R279-6GQ6
Vulnerability from github – Published: 2026-02-24 21:31 – Updated: 2026-02-26 18:31Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
{
"affected": [],
"aliases": [
"CVE-2026-26341"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T20:27:48Z",
"severity": "CRITICAL"
},
"details": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.",
"id": "GHSA-682g-r279-6gq6",
"modified": "2026-02-26T18:31:38Z",
"published": "2026-02-24T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26341"
},
{
"type": "WEB",
"url": "https://www.tattile.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6JMQ-W5RJ-FWV6
Vulnerability from github – Published: 2025-08-04 18:30 – Updated: 2025-08-04 21:30Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-51535"
],
"database_specific": {
"cwe_ids": [
"CWE-1392",
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-04T17:15:31Z",
"severity": "MODERATE"
},
"details": "Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.",
"id": "GHSA-6jmq-w5rj-fwv6",
"modified": "2025-08-04T21:30:42Z",
"published": "2025-08-04T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51535"
},
{
"type": "WEB",
"url": "https://www.sec4you-pentest.com/schwachstelle/openatlas-unbeschraenkte-sql-konsole-im-admin-ui"
},
{
"type": "WEB",
"url": "https://www.sec4you-pentest.com/schwachstellen"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7422-RHQ7-3WFJ
Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2026-02-25 18:31An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component
{
"affected": [],
"aliases": [
"CVE-2025-29629"
],
"database_specific": {
"cwe_ids": [
"CWE-1392",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T17:15:31Z",
"severity": "HIGH"
},
"details": "An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component",
"id": "GHSA-7422-rhq7-3wfj",
"modified": "2026-02-25T18:31:27Z",
"published": "2025-07-25T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29629"
},
{
"type": "WEB",
"url": "https://github.com/mselbrede/gardyn/blob/main/CVE-2025-29629.md"
},
{
"type": "WEB",
"url": "https://mygardyn.com/blog/security-update"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"type": "WEB",
"url": "http://gardyn.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78HF-XH79-2R7F
Vulnerability from github – Published: 2025-08-28 18:30 – Updated: 2025-08-28 18:30A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-9576"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-28T18:15:34Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-78hf-xh79-2r7f",
"modified": "2025-08-28T18:30:39Z",
"published": "2025-08-28T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9576"
},
{
"type": "WEB",
"url": "https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md"
},
{
"type": "WEB",
"url": "https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321690"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321690"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.636068"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-799R-MF4M-6J6W
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.
An attacker with read access to the keystore could access sensitive data using this password.
{
"affected": [],
"aliases": [
"CVE-2025-55110"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T13:16:04Z",
"severity": "MODERATE"
},
"details": "Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\n\nAn attacker with read access to the keystore could access sensitive data using this password.",
"id": "GHSA-799r-mf4m-6j6w",
"modified": "2025-09-16T15:32:36Z",
"published": "2025-09-16T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55110"
},
{
"type": "WEB",
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441964"
},
{
"type": "WEB",
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7HMV-FVPJ-WQ57
Vulnerability from github – Published: 2025-10-25 18:30 – Updated: 2025-11-10 15:31SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
{
"affected": [],
"aliases": [
"CVE-2025-12217"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-25T16:15:40Z",
"severity": "MODERATE"
},
"details": "SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.",
"id": "GHSA-7hmv-fvpj-wq57",
"modified": "2025-11-10T15:31:03Z",
"published": "2025-10-25T18:30:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12217"
},
{
"type": "WEB",
"url": "https://azure-access.com/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7HQ7-F7FV-849C
Vulnerability from github – Published: 2026-02-03 21:31 – Updated: 2026-02-03 21:31A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-1803"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-03T20:15:57Z",
"severity": "HIGH"
},
"details": "A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-7hq7-f7fv-849c",
"modified": "2026-02-03T21:31:52Z",
"published": "2026-02-03T21:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1803"
},
{
"type": "WEB",
"url": "https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md"
},
{
"type": "WEB",
"url": "https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md#proof-of-concept"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.343976"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.343976"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.745497"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.745529"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7V7M-797M-7MCC
Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27158"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T04:15:27Z",
"severity": "HIGH"
},
"details": "All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-7v7m-797m-7mcc",
"modified": "2024-07-04T06:35:03Z",
"published": "2024-06-14T06:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27158"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Force the administrator to change the credential upon installation.
Mitigation
The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.