Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

GHSA-5RWM-3CC7-8WM8

Vulnerability from github – Published: 2025-04-22 06:30 – Updated: 2025-04-22 06:30
VLAI
Details

Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-22T05:15:30Z",
    "severity": "HIGH"
  },
  "details": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.",
  "id": "GHSA-5rwm-3cc7-8wm8",
  "modified": "2025-04-22T06:30:29Z",
  "published": "2025-04-22T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46899"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-111/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VH9-RP4F-879M

Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31
VLAI
Details

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.

The attacker must have network access to the Broker VM to exploit this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-13T17:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue.",
  "id": "GHSA-5vh9-rp4f-879m",
  "modified": "2025-08-13T18:31:24Z",
  "published": "2025-08-13T18:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2184"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-2184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-682G-R279-6GQ6

Vulnerability from github – Published: 2026-02-24 21:31 – Updated: 2026-02-26 18:31
VLAI
Details

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-24T20:27:48Z",
    "severity": "CRITICAL"
  },
  "details": "Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.",
  "id": "GHSA-682g-r279-6gq6",
  "modified": "2026-02-26T18:31:38Z",
  "published": "2026-02-24T21:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26341"
    },
    {
      "type": "WEB",
      "url": "https://www.tattile.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/tattile-smart-vega-basic-default-credentials"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5977.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6JMQ-W5RJ-FWV6

Vulnerability from github – Published: 2025-08-04 18:30 – Updated: 2025-08-04 21:30
VLAI
Details

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-51535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T17:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.",
  "id": "GHSA-6jmq-w5rj-fwv6",
  "modified": "2025-08-04T21:30:42Z",
  "published": "2025-08-04T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51535"
    },
    {
      "type": "WEB",
      "url": "https://www.sec4you-pentest.com/schwachstelle/openatlas-unbeschraenkte-sql-konsole-im-admin-ui"
    },
    {
      "type": "WEB",
      "url": "https://www.sec4you-pentest.com/schwachstellen"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7422-RHQ7-3WFJ

Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2026-02-25 18:31
VLAI
Details

An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T17:15:31Z",
    "severity": "HIGH"
  },
  "details": "An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component",
  "id": "GHSA-7422-rhq7-3wfj",
  "modified": "2026-02-25T18:31:27Z",
  "published": "2025-07-25T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mselbrede/gardyn/blob/main/CVE-2025-29629.md"
    },
    {
      "type": "WEB",
      "url": "https://mygardyn.com/blog/security-update"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
    },
    {
      "type": "WEB",
      "url": "http://gardyn.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-78HF-XH79-2R7F

Vulnerability from github – Published: 2025-08-28 18:30 – Updated: 2025-08-28 18:30
VLAI
Details

A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-28T18:15:34Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-78hf-xh79-2r7f",
  "modified": "2025-08-28T18:30:39Z",
  "published": "2025-08-28T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9576"
    },
    {
      "type": "WEB",
      "url": "https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/XXRicardo/iot-cve/blob/main/seeedstudio/ramips-openwrt-LinkIt7688.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.321690"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.321690"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.636068"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-799R-MF4M-6J6W

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32
VLAI
Details

Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.

An attacker with read access to the keystore could access sensitive data using this password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T13:16:04Z",
    "severity": "MODERATE"
  },
  "details": "Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\n\nAn attacker with read access to the keystore could access sensitive data using this password.",
  "id": "GHSA-799r-mf4m-6j6w",
  "modified": "2025-09-16T15:32:36Z",
  "published": "2025-09-16T15:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55110"
    },
    {
      "type": "WEB",
      "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441964"
    },
    {
      "type": "WEB",
      "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7HMV-FVPJ-WQ57

Vulnerability from github – Published: 2025-10-25 18:30 – Updated: 2025-11-10 15:31
VLAI
Details

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-25T16:15:40Z",
    "severity": "MODERATE"
  },
  "details": "SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.",
  "id": "GHSA-7hmv-fvpj-wq57",
  "modified": "2025-11-10T15:31:03Z",
  "published": "2025-10-25T18:30:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12217"
    },
    {
      "type": "WEB",
      "url": "https://azure-access.com/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7HQ7-F7FV-849C

Vulnerability from github – Published: 2026-02-03 21:31 – Updated: 2026-02-03 21:31
VLAI
Details

A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T20:15:57Z",
    "severity": "HIGH"
  },
  "details": "A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-7hq7-f7fv-849c",
  "modified": "2026-02-03T21:31:52Z",
  "published": "2026-02-03T21:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md#proof-of-concept"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.343976"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.343976"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745497"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745529"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7V7M-797M-7MCC

Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35
VLAI
Details

All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-14T04:15:27Z",
    "severity": "HIGH"
  },
  "details": "All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.",
  "id": "GHSA-7v7m-797m-7mcc",
  "modified": "2024-07-04T06:35:03Z",
  "published": "2024-06-14T06:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27158"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/20240531_01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.