CWE-321
AllowedUse of Hard-coded Cryptographic Key
Abstraction: Variant · Status: Draft
The product uses a hard-coded, unchangeable cryptographic key.
503 vulnerabilities reference this CWE, most recent first.
GHSA-M6W5-P6G8-JPM6
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.
{
"affected": [],
"aliases": [
"CVE-2023-39465"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:12Z",
"severity": "HIGH"
},
"details": "Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615.",
"id": "GHSA-m6w5-p6g8-jpm6",
"modified": "2024-05-03T03:30:56Z",
"published": "2024-05-03T03:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39465"
},
{
"type": "WEB",
"url": "https://www.trianglemicroworks.com/products/scada-data-gateway/what\u0027s-new"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1033"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M727-97QG-JRMP
Vulnerability from github – Published: 2025-03-14 12:32 – Updated: 2025-03-14 12:32The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
{
"affected": [],
"aliases": [
"CVE-2024-13773"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-14T12:15:14Z",
"severity": "HIGH"
},
"details": "The Civi - Job Board \u0026 Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.",
"id": "GHSA-m727-97qg-jrmp",
"modified": "2025-03-14T12:32:02Z",
"published": "2025-03-14T12:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13773"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve"
},
{
"type": "WEB",
"url": "http://localhost:1337/wp-content/themes/civi/includes/class-init.php#L36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-M83F-PX8C-C623
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.
{
"affected": [],
"aliases": [
"CVE-2020-25229"
],
"database_specific": {
"cwe_ids": [
"CWE-294",
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-14T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.",
"id": "GHSA-m83f-px8c-c623",
"modified": "2022-05-24T17:36:17Z",
"published": "2022-05-24T17:36:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25229"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC2F-W8RF-JPVF
Vulnerability from github – Published: 2023-07-05 21:30 – Updated: 2024-04-04 05:23AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
{
"affected": [],
"aliases": [
"CVE-2023-34338"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T19:15:09Z",
"severity": "CRITICAL"
},
"details": "AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.\u00a0",
"id": "GHSA-mc2f-w8rf-jpvf",
"modified": "2024-04-04T05:23:57Z",
"published": "2023-07-05T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34338"
},
{
"type": "WEB",
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MC6C-V4M2-858F
Vulnerability from github – Published: 2026-02-19 21:30 – Updated: 2026-02-23 15:31In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.
{
"affected": [],
"aliases": [
"CVE-2025-67305"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-19T21:18:28Z",
"severity": "CRITICAL"
},
"details": "In RUCKUS Network Director (RND) \u003c 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further.",
"id": "GHSA-mc6c-v4m2-858f",
"modified": "2026-02-23T15:31:14Z",
"published": "2026-02-19T21:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67305"
},
{
"type": "WEB",
"url": "https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-012-ruckus-nd-hardcoded-ssh-keys-rce.md"
},
{
"type": "WEB",
"url": "https://webresources.commscope.com/download/assets/RUCKUS+Network+Director%3A+Critical+Security+Bypass+Vulnerability+Leading+to+Remote+Code+Execution+and/3adeb3acb69211f08a46b6532db37357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MR45-RX8Q-WCM9
Vulnerability from github – Published: 2023-10-31 21:19 – Updated: 2023-10-31 21:19Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts.
Problem Description
The nkeys library's "xkeys" encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key.
This affects encryption only, not signing.
FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY.
Affected versions
nkeys Go library: * 0.4.0 up to and including 0.4.5 * Fixed with nats-io/nkeys: 0.4.6
NATS Server: * 2.10.0 up to and including 2.10.3 * Fixed with nats-io/nats-server: 2.10.4
Solution
Upgrade the nats-server.
For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.
Credits
Problem reported by Quentin Matillat (GitHub @tinou98).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.4.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nkeys"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.10.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nats-server/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46129"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-325"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-31T21:19:02Z",
"nvd_published_at": "2023-10-31T00:15:09Z",
"severity": "HIGH"
},
"details": "## Background\n\nNATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.\n\nThe cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts.\n\n## Problem Description\n\nThe nkeys library\u0027s \"xkeys\" encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key.\n\nThis affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY.\n\n## Affected versions\n\nnkeys Go library:\n * 0.4.0 up to and including 0.4.5\n * Fixed with nats-io/nkeys: 0.4.6\n\nNATS Server:\n * 2.10.0 up to and including 2.10.3\n * Fixed with nats-io/nats-server: 2.10.4\n\n## Solution\n\nUpgrade the nats-server. \nFor any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.\n\n## Credits\n\nProblem reported by Quentin Matillat (GitHub @tinou98).",
"id": "GHSA-mr45-rx8q-wcm9",
"modified": "2023-10-31T21:19:02Z",
"published": "2023-10-31T21:19:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46129"
},
{
"type": "WEB",
"url": "https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1"
},
{
"type": "PACKAGE",
"url": "https://github.com/nats-io/nkeys"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/31/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "xkeys seal encryption used fixed key for all encryption"
}
GHSA-MV7P-34FV-4874
Vulnerability from github – Published: 2025-12-09 17:42 – Updated: 2025-12-09 17:42Impact
CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments.
Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without possessing any legitimate credentials. By constructing a token with a known userId (commonly the administrator account), an attacker can directly bypass authentication and authorization checks.
Successful exploitation allows an attacker to:
- Bypass authentication entirely
- Impersonate arbitrary users
- Gain full administrator privileges
- Access sensitive business data
- Create, modify, or delete users
- Access cloud storage credentials and other protected secrets
The vulnerability is remotely exploitable, requires no authentication, and public proof-of-concept exploits are available.
This issue is functionally equivalent in impact to other JWT secret exposure vulnerabilities such as CVE-2024-43441 and CVE-2025-30206.
Deployments that used the default Docker configuration without explicitly overriding the JWT secret are affected.
Patches
✅ The vulnerability has been fully patched through a secure JWT key management redesign.
The remediation enforces the following security guarantees:
- JWT secrets are no longer allowed to fall back to public default values.
- Secrets must either:
- Be explicitly provided by the user, or
- Be securely generated using cryptographically strong randomness at first startup.
- Generated secrets are persisted securely with restricted filesystem permissions.
- Invalid or weak secret values immediately trigger a startup failure.
✅ Fixed Versions: - NocoBase ≥ 1.9.23 - NocoBase ≥ 1.9.0-beta.18 - NocoBase ≥ 2.0.0-alpha.52
Workarounds
If upgrading is not immediately possible, the following temporary mitigations must be performed to reduce risk:
- Explicitly set a strong, randomly generated JWT secret via environment variables
APP_KEY. - Restart all running NocoBase instances so the new secret takes effect.
- Invalidate all existing JWT sessions, forcing complete user re-authentication.
- Verify that no default secret values are present in:
docker-compose.yml.envfiles- Kubernetes Secrets
References
- CVE Record: CVE-2025-13877
- VulDB Entry: https://vuldb.com/?id.334033
-
Public Exploit Proof:
https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d -
Affected Default Docker Configurations:
- https://github.com/nocobase/nocobase/blob/main/docker/app-mysql/docker-compose.yml#L13
- https://github.com/nocobase/nocobase/blob/main/docker/app-mariadb/docker-compose.yml#L13
- https://github.com/nocobase/nocobase/blob/main/docker/app-postgres/docker-compose.yml#L11
-
https://github.com/nocobase/nocobase/blob/main/docker/app-sqlite/docker-compose.yml#L11
-
Official Deployment Documentation:
- https://docs.nocobase.com/welcome/getting-started/installation/docker-compose
- https://v2.docs.nocobase.com/get-started/installation/docker
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.9.21"
},
"package": {
"ecosystem": "npm",
"name": "@nocobase/auth"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.9.0-beta.17"
},
"package": {
"ecosystem": "npm",
"name": "@nocobase/auth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0-beta.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.0-alpha.51"
},
"package": {
"ecosystem": "npm",
"name": "@nocobase/auth"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-alpha.1"
},
{
"fixed": "2.0.0-alpha.52"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-13877"
],
"database_specific": {
"cwe_ids": [
"CWE-1320",
"CWE-321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-09T17:42:53Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nCVE-2025-13877 is an **authentication bypass vulnerability caused by insecure default JWT key usage** in NocoBase Docker deployments.\n\nBecause the official one-click Docker deployment configuration historically provided a **public default JWT key**, attackers can **forge valid JWT tokens without possessing any legitimate credentials**. By constructing a token with a known `userId` (commonly the administrator account), an attacker can directly bypass authentication and authorization checks.\n\nSuccessful exploitation allows an attacker to:\n\n- Bypass authentication entirely\n- Impersonate arbitrary users\n- Gain full administrator privileges\n- Access sensitive business data\n- Create, modify, or delete users\n- Access cloud storage credentials and other protected secrets\n\nThe vulnerability is **remotely exploitable**, requires **no authentication**, and **public proof-of-concept exploits are available**. \nThis issue is functionally equivalent in impact to other JWT secret exposure vulnerabilities such as **CVE-2024-43441** and **CVE-2025-30206**.\n\nDeployments that used the default Docker configuration without explicitly overriding the JWT secret are affected.\n\n---\n\n### Patches\n\n\u2705 The vulnerability has been **fully patched** through a secure JWT key management redesign.\n\nThe remediation enforces the following security guarantees:\n\n- JWT secrets are no longer allowed to fall back to public default values.\n- Secrets must either:\n - Be explicitly provided by the user, or\n - Be securely generated using cryptographically strong randomness at first startup.\n- Generated secrets are persisted securely with restricted filesystem permissions.\n- Invalid or weak secret values immediately trigger a startup failure.\n\n\u2705 Fixed Versions:\n- **NocoBase \u2265 1.9.23**\n- **NocoBase \u2265 1.9.0-beta.18**\n- **NocoBase \u2265 2.0.0-alpha.52**\n\n---\n\n### Workarounds\n\nIf upgrading is not immediately possible, the following temporary mitigations **must** be performed to reduce risk:\n\n1. Explicitly set a **strong, randomly generated JWT secret** via environment variables `APP_KEY`.\n2. **Restart all running NocoBase instances** so the new secret takes effect.\n3. **Invalidate all existing JWT sessions**, forcing complete user re-authentication.\n4. Verify that **no default secret values** are present in:\n - `docker-compose.yml`\n - `.env` files\n - Kubernetes Secrets\n\n---\n\n### References\n\n- **CVE Record:** CVE-2025-13877 \n- **VulDB Entry:** https://vuldb.com/?id.334033 \n- **Public Exploit Proof:** \n https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d \n\n- **Affected Default Docker Configurations:** \n - https://github.com/nocobase/nocobase/blob/main/docker/app-mysql/docker-compose.yml#L13 \n - https://github.com/nocobase/nocobase/blob/main/docker/app-mariadb/docker-compose.yml#L13 \n - https://github.com/nocobase/nocobase/blob/main/docker/app-postgres/docker-compose.yml#L11 \n - https://github.com/nocobase/nocobase/blob/main/docker/app-sqlite/docker-compose.yml#L11 \n\n- **Official Deployment Documentation:** \n - https://docs.nocobase.com/welcome/getting-started/installation/docker-compose \n - https://v2.docs.nocobase.com/get-started/installation/docker",
"id": "GHSA-mv7p-34fv-4874",
"modified": "2025-12-09T17:42:53Z",
"published": "2025-12-09T17:42:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-mv7p-34fv-4874"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13877"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/commit/de4292ea7847dd26c6306445091769f8b9ee96d5"
},
{
"type": "WEB",
"url": "https://docs.nocobase.com/welcome/getting-started/installation/docker-compose"
},
{
"type": "WEB",
"url": "https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocobase/nocobase"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/blob/main/docker/app-mariadb/docker-compose.yml#L13"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/blob/main/docker/app-mysql/docker-compose.yml#L13"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/blob/main/docker/app-postgres/docker-compose.yml#L11"
},
{
"type": "WEB",
"url": "https://github.com/nocobase/nocobase/blob/main/docker/app-sqlite/docker-compose.yml#L11"
},
{
"type": "WEB",
"url": "https://v2.docs.nocobase.com/get-started/installation/docker"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.334033"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.334033"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.692205"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments"
}
GHSA-P2HM-2CJF-F2WG
Vulnerability from github – Published: 2022-11-25 00:30 – Updated: 2022-11-28 21:30Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
{
"affected": [],
"aliases": [
"CVE-2022-29827"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-25T00:15:00Z",
"severity": "HIGH"
},
"details": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.",
"id": "GHSA-p2hm-2cjf-f2wg",
"modified": "2022-11-28T21:30:22Z",
"published": "2022-11-25T00:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29827"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P79H-RMMR-JMR7
Vulnerability from github – Published: 2025-10-17 06:31 – Updated: 2025-10-17 06:31Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-11899"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-17T04:16:06Z",
"severity": "CRITICAL"
},
"details": "Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit this vulnerability.",
"id": "GHSA-p79h-rmmr-jmr7",
"modified": "2025-10-17T06:31:10Z",
"published": "2025-10-17T06:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11899"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10439-0bd15-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10438-1173e-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P836-389H-J692
Vulnerability from github – Published: 2022-05-14 02:46 – Updated: 2025-10-22 17:34Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.2.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.shiro:shiro-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-4437"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:56:32Z",
"nvd_published_at": "2016-06-07T14:06:00Z",
"severity": "CRITICAL"
},
"details": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.",
"id": "GHSA-p836-389h-j692",
"modified": "2025-10-22T17:34:26Z",
"published": "2022-05-14T02:46:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4437"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4@%3Cannouncements.aurora.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4437"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Access Control in Apache Shiro"
}
Mitigation
Prevention schemes mirror that of hard-coded password storage.
No CAPEC attack patterns related to this CWE.