CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

CVE-2025-34197 (GCVE-0-2025-34197)

Vulnerability from cvelistv5 – Published: 2025-09-19 18:39 – Updated: 2026-05-15 11:15
Title
Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. This vulnerability has been identified by the vendor as: V-2024-010 — Hardcoded Linux Password. NOTE: The patch for this vulnerability is reported to be incomplete: /etc/shadow was remediated but /etc/sudoers remains vulnerable.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor | Product | Version
Vasion | Print Virtual Appliance Host | Affected: 0, < 22.0.951 (semver)
Vasion | Print Application | Affected: 0, < 20.0.2368 (semver)
Credits
Pierre Barre

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T20:03:06.139612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T20:03:18.877Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Appliance OS user account configuration"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Print Virtual Appliance Host",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "22.0.951",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Appliance OS user account configuration"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Print Application",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "20.0.2368",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "22.0.951",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "20.0.2368",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Barre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named \u003ccode\u003eubuntu\u003c/code\u003e with a preset password and a sudoers entry granting that account passwordless root privileges (\u003ccode\u003eubuntu ALL=(ALL) NOPASSWD: ALL\u003c/code\u003e). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability has been identified by the vendor as: \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eV-2024-010 \u2014 Hardcoded Linux Password.\u0026nbsp;\u003c/span\u003eNOTE: The patch for this vulnerability is reported to be incomplete:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e/etc/shadow was remediated but /etc/sudoers remains vulnerable.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. This vulnerability has been identified by the vendor as: V-2024-010 \u2014 Hardcoded Linux Password.\u00a0NOTE: The patch for this vulnerability is reported to be incomplete:\u00a0/etc/shadow was remediated but /etc/sudoers remains vulnerable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-121",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-121 Exploit Non-Production Interfaces"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T11:15:16.672Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-password-ubuntu"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-undocumented-local-account-with-hardcoded-password-and-passwordless-sudo"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34197",
    "datePublished": "2025-09-19T18:39:36.317Z",
    "dateReserved": "2025-04-15T19:15:22.570Z",
    "dateUpdated": "2026-05-15T11:15:16.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34198 (GCVE-0-2025-34198)

Vulnerability from cvelistv5 – Published: 2025-09-19 18:40 – Updated: 2026-05-15 11:15
Title
Vasion Print (formerly PrinterLogic) Shared / Hardcoded SSH Host Private Keys in Appliance Image
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across installations, rather than being uniquely generated per appliance. An attacker who obtains these private keys (for example from one compromised appliance image or another installation) can impersonate the appliance, decrypt or intercept SSH connections to appliances that use the same keys, and perform man-in-the-middle or impersonation attacks against administrative SSH sessions. This vulnerability has been identified by the vendor as: V-2024-011 — Hardcoded SSH Host Key.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor | Product | Version
Vasion | Print Virtual Appliance Host | Affected: 0, < 22.0.951 (semver)
Vasion | Print Application | Affected: 0, < 20.0.2368 (semver)
Credits
Pierre Barre

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T20:04:01.250196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T20:04:18.314Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "/etc/ssh (SSH host private keys)"
          ],
          "product": "Print Virtual Appliance Host",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "22.0.951",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "/etc/ssh (SSH host private keys)"
          ],
          "product": "Print Application",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "20.0.2368",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "22.0.951",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "20.0.2368",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Barre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003eVasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across installations, rather than being uniquely generated per appliance. An attacker who obtains these private keys (for example from one compromised appliance image or another installation) can impersonate the appliance, decrypt or intercept SSH connections to appliances that use the same keys, and perform man-in-the-middle or impersonation attacks against administrative SSH sessions.\u0026nbsp;This vulnerability has been identified by the vendor as: V-2024-011 \u2014 Hardcoded SSH Host Key.\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across installations, rather than being uniquely generated per appliance. An attacker who obtains these private keys (for example from one compromised appliance image or another installation) can impersonate the appliance, decrypt or intercept SSH connections to appliances that use the same keys, and perform man-in-the-middle or impersonation attacks against administrative SSH sessions.\u00a0This vulnerability has been identified by the vendor as: V-2024-011 \u2014 Hardcoded SSH Host Key."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T11:15:17.569Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-ssh-keys"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-shared-hardcoded-ssh-host-private-keys-in-appliance-image"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vasion Print (formerly PrinterLogic) Shared / Hardcoded SSH Host Private Keys in Appliance Image",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34198",
    "datePublished": "2025-09-19T18:40:31.977Z",
    "dateReserved": "2025-04-15T19:15:22.570Z",
    "dateUpdated": "2026-05-15T11:15:17.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34209 (GCVE-0-2025-34209)

Vulnerability from cvelistv5 – Published: 2025-09-29 20:35 – Updated: 2026-05-15 11:15
Title
Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account *no‑reply+virtual‑appliance@printerlogic.com*. The key is stored in cleartext and the passphrase is hardcoded in files. An attacker with administrative access to the appliance can extract the private key, import it into their own system, and subsequently decrypt GPG-encrypted files and sign arbitrary firmware update packages. A maliciously signed update can be uploaded by an admin‑level attacker and will be executed by the appliance, giving the attacker full control of the virtual appliance. This vulnerability has been identified by the vendor as: V-2023-010 — Hardcoded Private Key.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor | Product | Version
Vasion | Print Virtual Appliance Host | Affected: 0, < 22.0.862 (semver)
Vasion | Print Application | Affected: 0, < 20.0.2014 (semver)
Credits
Pierre Barre

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34209",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T13:33:57.998509Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T13:43:11.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-private-gpg-key"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Docker images \u2013 embedded GPG key pair",
            "Firmware\u2011update signing workflow"
          ],
          "product": "Print Virtual Appliance Host",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "22.0.862",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Docker images \u2013 embedded GPG key pair",
            "Firmware\u2011update signing workflow"
          ],
          "product": "Print Application",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "20.0.2014",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "22.0.862",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "20.0.2014",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Barre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments)\u0026nbsp;contain Docker images with the private GPG key and passphrase for the account *no\u2011reply+virtual\u2011appliance@printerlogic.com*.\u0026nbsp;The key is stored in cleartext and the passphrase is hardcoded in files.\u0026nbsp;An attacker with administrative access to the appliance can extract the private key, import it into their own system, and subsequently decrypt GPG-encrypted files and sign arbitrary firmware update packages.\u0026nbsp;A maliciously signed update can be uploaded by an admin\u2011level attacker and will be executed by the appliance, giving the attacker full control of the virtual appliance.\u0026nbsp;This vulnerability has been identified by the vendor as: V-2023-010 \u2014 Hardcoded Private Key.\u003cbr\u003e"
            }
          ],
          "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments)\u00a0contain Docker images with the private GPG key and passphrase for the account *no\u2011reply+virtual\u2011appliance@printerlogic.com*.\u00a0The key is stored in cleartext and the passphrase is hardcoded in files.\u00a0An attacker with administrative access to the appliance can extract the private key, import it into their own system, and subsequently decrypt GPG-encrypted files and sign arbitrary firmware update packages.\u00a0A maliciously signed update can be uploaded by an admin\u2011level attacker and will be executed by the appliance, giving the attacker full control of the virtual appliance.\u00a0This vulnerability has been identified by the vendor as: V-2023-010 \u2014 Hardcoded Private Key."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-474",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-474 Signature Spoofing by Key Theft"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T11:15:22.502Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-private-gpg-key"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-hardcoded-gpg-private-key"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34209",
    "datePublished": "2025-09-29T20:35:11.366Z",
    "dateReserved": "2025-04-15T19:15:22.571Z",
    "dateUpdated": "2026-05-15T11:15:22.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34223 (GCVE-0-2025-34223)

Vulnerability from cvelistv5 – Published: 2025-09-29 20:38 – Updated: 2026-05-15 11:15
Title
Vasion Print (formerly PrinterLogic) Insecure Installation Credentials
Summary
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker‑controlled ones. The script also contains hard‑coded SHA‑512 and SHA‑1 hashes of the default password, allowing the attacker to bypass password‑policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup. This vulnerability has been identified by the vendor as: V-2024-022 — Insecure Installation Credentials.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor | Product | Version
Vasion | Print Virtual Appliance Host | Affected: 0, < 22.0.1049 (semver)
Vasion | Print Application | Affected: 0, < 20.0.2786 (semver)
Credits
Pierre Barre

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34223",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T13:33:31.558514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T13:42:52.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-credentials-installation"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "/admin/query/update_database.php"
          ],
          "product": "Print Virtual Appliance Host",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "22.0.1049",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "/admin/query/update_database.php"
          ],
          "product": "Print Application",
          "vendor": "Vasion",
          "versions": [
            {
              "lessThan": "20.0.2786",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "22.0.1049",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "20.0.2786",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Barre"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049\u0026nbsp;and Application prior to version 20.0.2786\u0026nbsp;(VA/SaaS deployments) contain\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;a default admin account\u0026nbsp;and an installation\u2011time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker\u2011controlled ones. The script also contains hard\u2011coded SHA\u2011512 and SHA\u20111 hashes of the default password, allowing the attacker to bypass password\u2011policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup.\u0026nbsp;\u003c/span\u003eThis vulnerability has been identified by the vendor as: V-2024-022 \u2014 Insecure Installation Credentials.\u003cbr\u003e"
            }
          ],
          "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049\u00a0and Application prior to version 20.0.2786\u00a0(VA/SaaS deployments) contain\u00a0a default admin account\u00a0and an installation\u2011time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker\u2011controlled ones. The script also contains hard\u2011coded SHA\u2011512 and SHA\u20111 hashes of the default password, allowing the attacker to bypass password\u2011policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup.\u00a0This vulnerability has been identified by the vendor as: V-2024-022 \u2014 Insecure Installation Credentials."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        },
        {
          "capecId": "CAPEC-653",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-653 Use of Known Operating System Credentials"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T11:15:29.533Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-credentials-installation"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-installation-credentials"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Vasion Print (formerly PrinterLogic) Insecure Installation Credentials",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34223",
    "datePublished": "2025-09-29T20:38:05.154Z",
    "dateReserved": "2025-04-15T19:15:22.574Z",
    "dateUpdated": "2026-05-15T11:15:29.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3426 (GCVE-0-2025-3426)

Vulnerability from cvelistv5 – Published: 2025-04-07 16:23 – Updated: 2025-04-10 15:40
VLAI
Title
Use of default hardcoded credentials
Summary
We observed that IntelliSpace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Utilizing this flaw, the attacker was able to identify the hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt. This issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Date Public
2025-04-07 16:05
Credits
Victor A Morales, Omar A Crespo

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T14:20:31.067496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T16:01:23.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "IntelliSpace Portal",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "12 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Advanced Visualization Workspace",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "15"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Victor A Morales"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Omar A Crespo"
        }
      ],
      "datePublic": "2025-04-07T16:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We observed that Intellispace Portal binaries doesn\u2019t have any protection mechanisms to prevent reverse engineering. Specifically, the app\u2019s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities.\u003cbr\u003eUtilizing this flaw, the attacker was able to identify the Hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt.\u003cbr\u003e\u003cp\u003eThis issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15.\u003c/p\u003e"
            }
          ],
          "value": "We observed that Intellispace Portal binaries doesn\u2019t have any protection mechanisms to prevent reverse engineering. Specifically, the app\u2019s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities.\nUtilizing this flaw, the attacker was able to identify the Hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt.\nThis issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-188",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-188 Reverse Engineering"
            }
          ]
        },
        {
          "capecId": "CAPEC-65",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-65 Sniff Application Code"
            }
          ]
        },
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "PRESENT",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T15:40:20.578Z",
        "orgId": "20705f08-db8b-4497-8f94-7eea62317651",
        "shortName": "Philips"
      },
      "references": [
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-3426"
        },
        {
          "url": "https://www.philips.com/a-w/security/security-advisories.html#security_advisories"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use of default hardcoded credentials",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "20705f08-db8b-4497-8f94-7eea62317651",
    "assignerShortName": "Philips",
    "cveId": "CVE-2025-3426",
    "datePublished": "2025-04-07T16:23:00.325Z",
    "dateReserved": "2025-04-07T16:05:56.727Z",
    "dateUpdated": "2025-04-10T15:40:20.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-34501 (GCVE-0-2025-34501)

Vulnerability from cvelistv5 – Published: 2025-11-03 21:56 – Updated: 2025-11-05 14:56
VLAI
Title
Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services
Summary
Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as connecting to the USB or Ethernet ports beneath the table - the built-in credentials permit administrative login and full control of the system. Once authenticated, an attacker can access firmware utilities, modify controller software, and establish persistent compromise. Remote attack paths via network, cellular, or telemetry links may exist in specific configurations but generally require additional capabilities or operator error. The vendor reports that USB access has been disabled in current firmware builds.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. Deck Mate 2 Affected: 0 , < all known versions prior to 2025-10-23 (custom)
Credits
Joseph Tartaro of IOActive, Enrique Nissim of IOActive, Ethan Shackelford of IOActive

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T14:56:17.089422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T14:56:30.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "Root shell credentials and web UI auth",
            "SSH/HTTP/Telnet/SMB/X11 exposure"
          ],
          "product": "Deck Mate 2",
          "vendor": "Light \u0026 Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc.",
          "versions": [
            {
              "lessThan": "all known versions prior to 2025-10-23",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joseph Tartaro of IOActive"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Enrique Nissim of IOActive"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Shackelford of IOActive"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003eDeck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as connecting to the USB or Ethernet ports beneath the table - the built-in credentials permit administrative login and full control of the system. Once authenticated, an attacker can access firmware utilities, modify controller software, and establish persistent compromise. Remote attack paths via network, cellular, or telemetry links may exist in specific configurations but generally require additional capabilities or operator error. The vendor reports that USB access has been disabled in current firmware builds.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as connecting to the USB or Ethernet ports beneath the table - the built-in credentials permit administrative login and full control of the system. Once authenticated, an attacker can access firmware utilities, modify controller software, and establish persistent compromise. Remote attack paths via network, cellular, or telemetry links may exist in specific configurations but generally require additional capabilities or operator error. The vendor reports that USB access has been disabled in current firmware builds."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-03T21:56:54.734Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-hard-coded-credentials-and-exposed-services"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Shuffle Master Deck Mate 2 Hard-coded Credentials \u0026 Exposed Services",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34501",
    "datePublished": "2025-11-03T21:56:54.734Z",
    "dateReserved": "2025-04-15T19:15:22.611Z",
    "dateUpdated": "2025-11-05T14:56:30.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34509 (GCVE-0-2025-34509)

Vulnerability from cvelistv5 – Published: 2025-06-17 18:20 – Updated: 2026-02-26 17:50
VLAI
Title
Sitecore XM and XP Hardcoded Credentials
Summary
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
URL Tags
https://labs.watchtowr.com/is-b-for-backdoor-pre-… third-party-advisory, exploit, technical-description
https://support.sitecore.com/kb?id=kb_article_vie… vendor-advisory
Impacted products
Vendor Product Version
Sitecore Experience Manager Affected: 10.4 , < 10.4.1 rev. 011941 PRE (custom)
Affected: 10.3 , < 10.3.3 rev. 011967 PRE (custom)
Affected: 10.1 , < 10.1.4 rev. 011974 PRE (custom)
Sitecore Experience Platform Affected: 10.4 , < 10.4.1 rev. 011941 PRE (custom)
Affected: 10.3 , < 10.3.3 rev. 011967 PRE (custom)
Affected: 10.1 , < 10.1.4 rev. 011974 PRE (custom)
Credits
Piotr Bazydlo of watchTowr

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34509",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T03:56:10.468989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:31.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Experience Manager",
          "vendor": "Sitecore",
          "versions": [
            {
              "lessThan": "10.4.1 rev. 011941 PRE",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.3 rev. 011967 PRE",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.4 rev. 011974 PRE",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Experience Platform",
          "vendor": "Sitecore",
          "versions": [
            {
              "lessThan": "10.4.1 rev. 011941 PRE",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.3 rev. 011967 PRE",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.4 rev. 011974 PRE",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.4.1",
                  "versionStartIncluding": "10.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.3.3",
                  "versionStartIncluding": "10.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.1.4",
                  "versionStartIncluding": "10.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.4.1",
                  "versionStartIncluding": "10.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.3.3",
                  "versionStartIncluding": "10.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.1.4",
                  "versionStartIncluding": "10.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Piotr Bazydlo of watchTowr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP."
            }
          ],
          "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-27T16:47:40.562Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "exploit",
            "technical-description"
          ],
          "url": "https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1003667"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to patched versions."
            }
          ],
          "value": "Update to patched versions."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Sitecore XM and XP Hardcoded Credentials",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34509",
    "datePublished": "2025-06-17T18:20:57.441Z",
    "dateReserved": "2025-04-15T19:15:22.612Z",
    "dateUpdated": "2026-02-26T17:50:31.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-35451 (GCVE-0-2025-35451)

Vulnerability from cvelistv5 – Published: 2025-09-05 17:43 – Updated: 2025-09-08 18:08
Title
Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
Summary
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
PTZOptics PT12X-SE-xx-G3 Affected: 0 , < 9.1.43 (custom)
Unaffected: 9.1.43
PTZOptics PT12X-LINK-4K-xx Affected: 0 , < 0.0.63 (custom)
Unaffected: 0.0.63
PTZOptics PT20X-SE-xx-G3 Affected: 0 , < 9.1.32 (custom)
Unaffected: 9.1.32
PTZOptics PT20X-LINK-4K-xx Affected: 0 , < 0.0.89 (custom)
Unaffected: 0.0.89
PTZOptics PT-STUDIOPRO Affected: 0 , < 9.0.41 (custom)
Unaffected: 9.0.41
PTZOptics PT30X-SE-xx-G3 Affected: 0 , < 9.1.33 (custom)
Unaffected: 9.1.33
PTZOptics PT30X-LINK-4K-xx Affected: 0 , < 2.0.71 (custom)
Unaffected: 2.0.71
PTZOptics PT12X-STUDIO-4K-xx-G3 Affected: 0 , < 8.1.90 (custom)
Unaffected: 8.1.90
PTZOptics PT20X-STUDIO-4K-xx-G3 Affected: 0 , < 8.1.90 (custom)
Unaffected: 8.1.90
PTZOptics PT12X-SDI/NDI-xx Affected: 0 , < 6.3.70 (custom)
Unaffected: 6.3.70
PTZOptics PT12X-USB-xx Affected: 0 , < 6.2.88 (custom)
Unaffected: 6.2.88
PTZOptics PT20X-SDI/NDI-xx Affected: 0 , < 6.3.27 (custom)
Unaffected: 6.3.27
SMTAV Pan-Tilt-Zoom Cameras Affected: *
PTZOptics PT30X-SDI/NDI-xx Affected: 0 , < 6.3.43 (custom)
Unaffected: 6.3.43
multiCAM Systems Pan-Tilt-Zoom Cameras Affected: *
PTZOptics VL Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.94 (custom)
Unaffected: 7.2.94
PTZOptics 12x Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.85 (custom)
Unaffected: 7.2.85
PTZOptics 20x Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.94 (custom)
Unaffected: 7.2.94
PTZOptics EPTZ Fixed Camera/NDI Fixed Camera Affected: 0 , < 8.1.89 (custom)
Unaffected: 8.1.89
PTZOptics HC-EPTZ-NDI Affected: 0 , < 8.2.14 (custom)
Unaffected: 8.2.14
PTZOptics PT12X-4K-xx-G3 Affected: 0 , < 0.0.58 (custom)
Unaffected: 0.0.58
PTZOptics PT20X-4K-xx-G3 Affected: 0 , < 0.0.85 (custom)
Unaffected: 0.0.85
PTZOptics PT20X-USB-xx Affected: 0 , < 6.2.81 (custom)
Unaffected: 6.2.81
PTZOptics PT30X-4K-xx-G3 Affected: 0 , < 2.0.64 (custom)
Unaffected: 2.0.64
ValueHD Pan-Tilt-Zoom Cameras Affected: *
Date Public
2025-06-12 00:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-35451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T18:08:16.124259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T18:08:29.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PT12X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.43",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.43"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.63",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.63"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.32",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.32"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.89",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.89"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT-STUDIOPRO",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.0.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.0.41"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.33",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "2.0.71",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.0.71"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-STUDIO-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.90"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-STUDIO-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.90"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.70",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.70"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-USB-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.2.88",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.2.88"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.27",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.27"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "SMTAV",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.43",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.43"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "multiCAM Systems",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "VL Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.94"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "12x Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.85",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.85"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "20x Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.94"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "EPTZ Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.89",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.89"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "HC-EPTZ-NDI",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.2.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.2.14"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.58",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.58"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.85",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.85"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-USB-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.2.81",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.2.81"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "2.0.64",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.0.64"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "ValueHD",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "datePublic": "2025-06-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-35451",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "yes"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-09-08T17:57:46.995811Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T17:58:14.754Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"
        },
        {
          "name": "url",
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35451"
        },
        {
          "name": "url",
          "url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
        },
        {
          "name": "url",
          "url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
        }
      ],
      "title": "Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-35451",
    "datePublished": "2025-09-05T17:43:53.108Z",
    "dateReserved": "2025-04-15T20:57:14.282Z",
    "dateUpdated": "2025-09-08T18:08:29.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-35452 (GCVE-0-2025-35452)

Vulnerability from cvelistv5 – Published: 2025-09-05 17:49 – Updated: 2025-09-08 18:07
Title
Pan-Tilt-Zoom cameras default administrative credentials for web interface
Summary
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
  • CWE-1392 - Use of Default Credentials
Assigner
Impacted products
Vendor Product Version
PTZOptics PT12X-SE-xx-G3 Affected: 0 , < 9.1.43 (custom)
Unaffected: 9.1.43
PTZOptics PT12X-LINK-4K-xx Affected: 0 , < 0.0.63 (custom)
Unaffected: 0.0.63
PTZOptics PT20X-SE-xx-G3 Affected: 0 , < 9.1.32 (custom)
Unaffected: 9.1.32
PTZOptics PT20X-LINK-4K-xx Affected: 0 , < 0.0.89 (custom)
Unaffected: 0.0.89
PTZOptics PT30X-SE-xx-G3 Affected: 0 , < 9.1.33 (custom)
Unaffected: 9.1.33
PTZOptics PT30X-LINK-4K-xx Affected: 0 , < 2.0.71 (custom)
Unaffected: 2.0.71
PTZOptics PT-STUDIOPRO Affected: 0 , < 9.0.41 (custom)
Unaffected: 9.0.41
PTZOptics PT12X-STUDIO-4K-xx-G3 Affected: 0 , < 8.1.90 (custom)
Unaffected: 8.1.90
PTZOptics PT20X-STUDIO-4K-xx-G3 Affected: 0 , < 8.1.90 (custom)
Unaffected: 8.1.90
PTZOptics PT12X-SDI/NDI-xx Affected: 0 , < 6.3.70 (custom)
Unaffected: 6.3.70
PTZOptics PT12X-USB-xx Affected: 0 , < 6.2.88 (custom)
Unaffected: 6.2.88
PTZOptics PT20X-SDI/NDI-xx Affected: 0 , < 6.3.27 (custom)
Unaffected: 6.3.27
SMTAV Pan-Tilt-Zoom Cameras Affected: *
PTZOptics PT30X-SDI/NDI-xx Affected: 0 , < 6.3.43 (custom)
Unaffected: 6.3.43
multiCAM Systems Pan-Tilt-Zoom Cameras Affected: *
PTZOptics VL Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.94 (custom)
Unaffected: 7.2.94
PTZOptics 12x Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.85 (custom)
Unaffected: 7.2.85
PTZOptics 20x Fixed Camera/NDI Fixed Camera Affected: 0 , < 7.2.94 (custom)
Unaffected: 7.2.94
PTZOptics EPTZ Fixed Camera/NDI Fixed Camera Affected: 0 , < 8.1.89 (custom)
Unaffected: 8.1.89
PTZOptics HC-EPTZ-NDI Affected: 0 , < 8.2.14 (custom)
Unaffected: 8.2.14
PTZOptics PT12X-4K-xx-G3 Affected: 0 , < 0.0.58 (custom)
Unaffected: 0.0.58
PTZOptics PT20X-4K-xx-G3 Affected: 0 , < 0.0.85 (custom)
Unaffected: 0.0.85
PTZOptics PT30X-4K-xx-G3 Affected: 0 , < 2.0.64 (custom)
Unaffected: 2.0.64
PTZOptics PT20X-USB-xx Affected: 0 , < 6.2.81 (custom)
Unaffected: 6.2.81
ValueHD Pan-Tilt-Zoom Cameras Affected: *
Date Public
2025-06-12 00:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-35452",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T18:05:20.509951Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T18:07:29.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PT12X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.43",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.43"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.63",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.63"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.32",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.32"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.89",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.89"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-SE-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.1.33",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.1.33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-LINK-4K-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "2.0.71",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.0.71"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT-STUDIOPRO",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "9.0.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.0.41"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-STUDIO-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.90"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-STUDIO-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.90"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.70",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.70"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-USB-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.2.88",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.2.88"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.27",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.27"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "SMTAV",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-SDI/NDI-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.3.43",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.3.43"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "multiCAM Systems",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "VL Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.94"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "12x Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.85",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.85"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "20x Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "7.2.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "7.2.94"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "EPTZ Fixed Camera/NDI Fixed Camera",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.1.89",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1.89"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "HC-EPTZ-NDI",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "8.2.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.2.14"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT12X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.58",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.58"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "0.0.85",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "0.0.85"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT30X-4K-xx-G3",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "2.0.64",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.0.64"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PT20X-USB-xx",
          "vendor": "PTZOptics",
          "versions": [
            {
              "lessThan": "6.2.81",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.2.81"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Pan-Tilt-Zoom Cameras",
          "vendor": "ValueHD",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "datePublic": "2025-06-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2025-35452",
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "yes"
                },
                {
                  "Technical Impact": "total"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2025-09-08T17:57:32.559307Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T17:58:30.782Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"
        },
        {
          "name": "url",
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"
        },
        {
          "name": "url",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35452"
        },
        {
          "name": "url",
          "url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
        },
        {
          "name": "url",
          "url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
        }
      ],
      "title": "Pan-Tilt-Zoom cameras default administrative credentials for web interface"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2025-35452",
    "datePublished": "2025-09-05T17:49:02.755Z",
    "dateReserved": "2025-04-15T20:57:14.282Z",
    "dateUpdated": "2025-09-08T18:07:29.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-35940 (GCVE-0-2025-35940)

Vulnerability from cvelistv5 – Published: 2025-06-10 20:27 – Updated: 2025-06-11 14:03
Title
Hard-coded ArchiverSpaApi JWT Signing Key
Summary
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
GFI Archiver Affected: 15.7 , ≤ 15.8 (semver)
Date Public
2025-06-10 20:20

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-35940",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T14:03:16.173362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T14:03:33.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.tenable.com/security/research/tra-2025-17"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Archiver",
          "vendor": "GFI",
          "versions": [
            {
              "lessThanOrEqual": "15.8",
              "status": "affected",
              "version": "15.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-10T20:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe ArchiverSpaApi\u0026nbsp;ASP.NET  application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.\u003c/p\u003e"
            }
          ],
          "value": "The ArchiverSpaApi\u00a0ASP.NET  application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T20:27:51.562Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/research/tra-2025-17"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hard-coded ArchiverSpaApi JWT Signing Key",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2025-35940",
    "datePublished": "2025-06-10T20:27:51.562Z",
    "dateReserved": "2025-04-15T21:07:39.881Z",
    "dateUpdated": "2025-06-11T14:03:33.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
  • In Windows environments, the Encrypted File System (EFS) may provide some protection.

Mitigation

Phase: Architecture and Design

Description:

  • For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.

Mitigation

Phase: Architecture and Design

Description:

  • If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.

Mitigation

Phase: Architecture and Design

Description:

  • For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
  • Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.

Mitigation

Phase: Architecture and Design

Description:

  • For front-end to back-end connections: Three solutions are possible, although none are complete.
  • The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
  • Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
  • Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.

CAPEC-191: Read Sensitive Constants Within an Executable

An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.

CAPEC-70: Try Common or Default Usernames and Passwords

An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.
