CWE-321
AllowedUse of Hard-coded Cryptographic Key
Abstraction: Variant · Status: Draft
The product uses a hard-coded, unchangeable cryptographic key.
503 vulnerabilities reference this CWE, most recent first.
GHSA-PW8J-97JQ-CW6G
Vulnerability from github – Published: 2026-02-13 21:31 – Updated: 2026-02-27 00:31Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.
{
"affected": [],
"aliases": [
"CVE-2026-26335"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T21:16:52Z",
"severity": "CRITICAL"
},
"details": "Calero VeraSMART versions prior to\u00a02022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\\\Program Files (x86)\\\\Veramark\\\\VeraSMART\\\\WebRoot\\\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.",
"id": "GHSA-pw8j-97jq-cw6g",
"modified": "2026-02-27T00:31:44Z",
"published": "2026-02-13T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26335"
},
{
"type": "WEB",
"url": "https://www.calero.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/calero-verasmart-2022-r1-static-iis-machine-keys-enable-viewstate-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PWHR-98HP-44R7
Vulnerability from github – Published: 2026-06-15 12:32 – Updated: 2026-06-15 12:32The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.
{
"affected": [],
"aliases": [
"CVE-2026-34029"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T12:16:25Z",
"severity": "MODERATE"
},
"details": "The\u00a0Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.",
"id": "GHSA-pwhr-98hp-44r7",
"modified": "2026-06-15T12:32:45Z",
"published": "2026-06-15T12:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34029"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/wertheim"
},
{
"type": "WEB",
"url": "https://wertheim-safes.com/safe-deposit-box-management"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PX3C-RFV8-7MVG
Vulnerability from github – Published: 2025-06-10 15:30 – Updated: 2025-06-10 15:30A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
{
"affected": [],
"aliases": [
"CVE-2025-5353"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T15:15:25Z",
"severity": "HIGH"
},
"details": "A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.",
"id": "GHSA-px3c-rfv8-7mvg",
"modified": "2025-06-10T15:30:48Z",
"published": "2025-06-10T15:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5353"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXR7-XFV3-MWHV
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-22844"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T15:15:11Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.",
"id": "GHSA-pxr7-xfv3-mwhv",
"modified": "2024-04-04T05:26:45Z",
"published": "2023-07-06T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22844"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q336-FJ7P-G7VX
Vulnerability from github – Published: 2026-02-09 09:30 – Updated: 2026-02-09 09:30User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
{
"affected": [],
"aliases": [
"CVE-2026-22906"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-09T08:16:11Z",
"severity": "CRITICAL"
},
"details": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.",
"id": "GHSA-q336-fj7p-g7vx",
"modified": "2026-02-09T09:30:21Z",
"published": "2026-02-09T09:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22906"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q354-79Q7-WX65
Vulnerability from github – Published: 2026-06-16 00:34 – Updated: 2026-06-16 00:34Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
{
"affected": [],
"aliases": [
"CVE-2026-9260"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T00:16:35Z",
"severity": "MODERATE"
},
"details": "Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier",
"id": "GHSA-q354-79q7-wx65",
"modified": "2026-06-16T00:34:25Z",
"published": "2026-06-16T00:34:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9260"
},
{
"type": "WEB",
"url": "https://canon.jp/support/support-info/260615vulnerability-response"
},
{
"type": "WEB",
"url": "https://psirt.canon/advisory-information/cp2026-005"
},
{
"type": "WEB",
"url": "https://www.canon-europe.com/support/product-security"
},
{
"type": "WEB",
"url": "https://www.usa.canon.com/about-us/to-our-customers/cpa2026-005-vulnerability-remediation-for-eos-network-setting-tool"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q363-F26M-JJ5J
Vulnerability from github – Published: 2025-07-21 18:32 – Updated: 2025-07-22 18:30Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.
{
"affected": [],
"aliases": [
"CVE-2025-52374"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-21T16:15:30Z",
"severity": "MODERATE"
},
"details": "Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.",
"id": "GHSA-q363-f26m-jj5j",
"modified": "2025-07-22T18:30:41Z",
"published": "2025-07-21T18:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52374"
},
{
"type": "WEB",
"url": "https://github.com/hmailserver/hmailserver"
},
{
"type": "WEB",
"url": "https://github.com/mojibake-dev/hMailEnum"
},
{
"type": "WEB",
"url": "https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52374.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q3G3-7Q7P-5JWV
Vulnerability from github – Published: 2026-07-15 03:32 – Updated: 2026-07-15 03:32Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key.
Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encrypted communications. This may enable passive decryption of traffic or active man-in-the-middle (MITM) attacks
{
"affected": [],
"aliases": [
"CVE-2026-9770"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T01:17:10Z",
"severity": "HIGH"
},
"details": "Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem\nthat is shared across devices.\u00a0 An\nattacker with access to the firmware image can extract the embedded key.\u00a0 \n\n\n\n\n\n\n\n\n\nSuccessful\nexploitation may allow an unauthenticated attacker on the same network to use\nthis key in the web management service, compromising the confidentiality of\nencrypted communications. This may enable passive decryption of traffic or\nactive man-in-the-middle (MITM) attacks",
"id": "GHSA-q3g3-7q7p-5jwv",
"modified": "2026-07-15T03:32:51Z",
"published": "2026-07-15T03:32:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9770"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/en/support/download/ec71/v4/#Firmware-Release-Notes"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/download/ec71/v4/#Firmware-Release-Notes"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/faq/5192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q9C3-7QMH-545W
Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 00:31Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
{
"affected": [],
"aliases": [
"CVE-2025-49164"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T00:15:20Z",
"severity": "MODERATE"
},
"details": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.",
"id": "GHSA-q9c3-7qmh-545w",
"modified": "2025-06-03T00:31:02Z",
"published": "2025-06-03T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49164"
},
{
"type": "WEB",
"url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QC2W-5628-6J6M
Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2024-3109"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T14:15:11Z",
"severity": "MODERATE"
},
"details": "\nA hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.\n\n\n\n\n\n\n\n",
"id": "GHSA-qc2w-5628-6j6m",
"modified": "2024-05-03T15:30:54Z",
"published": "2024-05-03T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3109"
},
{
"type": "WEB",
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178863"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Prevention schemes mirror that of hard-coded password storage.
No CAPEC attack patterns related to this CWE.