
All news with #hardcoded credentials tag

56 articles

VDR G4e Firmware Update Fixes Credential Flaws

🔒 The MacGregor Voyage Data Recorder (VDR) G4e contains multiple credential management vulnerabilities, including default and hard-coded credentials, weak password hashing, and accessible authentication files that can allow an attacker to gain administrator access. Danelec has released firmware V5.250 to address these issues and users are urged to update at the next service attendance rather than waiting for annual maintenance. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using secure remote access methods such as up-to-date VPNs while performing risk assessments prior to deployment of mitigations.

Hard-coded Credentials in USR-W610 Converter Exposed

🔒 The USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter from Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in its firmware. These hard-coded credentials can be extracted through firmware analysis and used to authenticate to device services, enabling potential administrator access. CISA reports no confirmed public exploitation and encourages users to contact the vendor and apply updates where available. Mitigations include network segmentation, firewalling, and using secure remote access methods such as VPNs with current updates.

XCharge C6 charger firmware and access vulnerabilities

🔒 CISA reports critical vulnerabilities in the XCharge C6 electric vehicle charging controller that could allow attackers to gain administrator rights or execute arbitrary code. A firmware update mechanism lacks signature validation, a stack-based buffer overflow exists in signal processing, and a management service exposes default credentials over the charging interface. XCharge has deployed updates for affected units; users should contact XCharge Support for details.

Eppendorf BioFlo 320 VNC Hard‑coded Password Risk

🔒 The Eppendorf BioFlo 320 is affected by a high‑severity vulnerability (CVSS 9.8) due to a VNC server that uses a hard‑coded password. If remote access is enabled and an attacker knows the device's network address, they can gain full control of the controller interface; VNC traffic is unencrypted. Eppendorf has released Version 5.0 software that removes VNC access and urges users to verify VNC is disabled and restrict configuration changes to Admin and Supervisor roles.

ABB LVS MConfig: Cleartext Memory Exposure Fix

🔒 ABB disclosed a vulnerability in MConfig affecting versions listed by the vendor that allows sensitive data to be stored in cleartext in memory. An attacker with physical or local host access could export a memory dump that may include plaintext passwords. ABB released MConfig version 1.4.9.22 to remediate the issue and recommends applying defensive measures from the product manual.

Contractor Exposed CISA and GovCloud Credentials Publicly

🔒 A public GitHub repository tied to a suspected CISA contractor exposed plain-text credentials—AWS tokens, GitHub access tokens, Kubernetes files, workflows and internal documents—discovered on May 14 by GitGuardian. The repo, active since November 13, 2025, contained roughly 844 MB of data and was taken offline within a day after disclosure. CISA is investigating and reports no current indication of sensitive compromise. Experts recommend centralized secret management, automated secret scanning, strict vendor controls and MFA to prevent similar exposures.

Siemens Teamcenter vulnerabilities: patches and guidance

🔔 Siemens disclosed multiple vulnerabilities in Teamcenter that could affect availability, integrity, and confidentiality of affected installations. The vendor published patches across several builds and recommends administrators update to the indicated fixed versions (examples include V2312.0009, V2406.0006, V2412.0009, V2506.0005 and later). Identified issues include improper error checking (CWE-754), cross-site scripting (CWE-79), and hard‑coded credentials (CWE-798). CISA and Siemens advise minimizing network exposure, isolating control systems, applying vendor updates promptly, and following Siemens' industrial security guidance.

Edge Password Manager Keeps Credentials in Plaintext

🔒 A Norwegian researcher discovered that Microsoft Edge decrypts saved passwords at startup and keeps them resident in process memory, leaving credentials retrievable in plain text on shared or compromised machines. German publication Heise reproduced the finding, locating passwords even after a browser restart. Microsoft reportedly treats the behavior as 'by design,' prompting calls for using alternative password managers.

ABB B&R PVI client logs sensitive data vulnerability

🔒 ABB has released an update addressing a logging issue in its B&R PVI client that could expose sensitive information. Affected versions are PVI earlier than 6.5.0; the issue is fixed in PVI 6.5.0 (CVE-2026-0936). The vulnerability can allow an authenticated local attacker to read credentials written to client-side logs, although logging is disabled by default. Customers should apply the update promptly and limit client logging to troubleshooting only.

Scan Finds Widespread Exposed AI Services and Risks

🔍 Intruder scanned over 1 million exposed AI services and found pervasive, critical misconfigurations and insecure defaults. Many deployments were reachable with no authentication, exposing chat histories, API keys, and management consoles. Exposed agent platforms (including n8n and Flowise) and thousands of Ollama APIs responded without auth, some wrapping paid frontier models. The findings highlight insecure-by-design defaults, hardcoded credentials, and real risks of code execution, data exfiltration, and abuse.

Cursor extension flaw exposes local API credentials

🔒 A high-severity vulnerability in the AI-powered development tool Cursor allows installed extensions to read sensitive credentials stored locally, researchers at LayerX report. The issue stems from Cursor keeping API keys, session tokens and cached configuration in an unprotected SQLite database rather than using OS keychains or encryption, and it does not restrict extension access. LayerX assigned the flaw a CVSS score of 8.2 and demonstrated silent exfiltration without user prompts. Cursor acknowledged the notice but said trust boundaries are the user's responsibility; as of 28 April 2026 the vulnerability remains unresolved.

Multiple critical vulnerabilities in SenseLive X3050 devices

⚠️ The CISA advisory reports multiple high-severity vulnerabilities in SenseLive X3050 (V1.523) that can allow an attacker on the network to bypass authentication, obtain administrative access, and perform unauthorized firmware operations. Affected issues include hard-coded credentials, missing authentication and authorization, insufficient session handling, cleartext management traffic, CSRF, and unsafe configuration controls that may destabilize device operation. CISA notes no known public exploitation to date; administrators should reduce exposure and contact the vendor.

Yokogawa CENTUM VP Hardcoded PROG Account Password

🔒 Yokogawa CENTUM VP contains a hardcoded password for the PROG account used in CENTUM Authentication Mode, tracked as CVE-2025-7741. Under specific conditions, an attacker with access to HIS screen controls could log in as PROG and modify permissions or configuration. The issue affects R5.x, R6.x, and vR7.01.00 product families; it is not remotely exploitable and has high attack complexity. Recommended mitigations include switching to Windows Authentication Mode or applying vendor patch R7.01.10.

Cloud Misconfigurations: The Multi-Billion Dollar Risk

🔒 Most major cloud breaches in recent years have stemmed from basic misconfigurations rather than sophisticated zero-days or custom malware. The article highlights incidents such as Snowflake (2024), AT&T, Ticketmaster and Capital One to show how exposed credentials, public storage buckets and missing controls led to vast data exposure. Immediate actions recommended are enabling MFA everywhere, enforcing account-level public access blockers, activating comprehensive logging across AWS/Azure/GCP, and prioritizing remediation of exposed buckets and keys, while longer-term fixes include CSPM tools and infrastructure-as-code security checks.

Schneider Electric EcoStruxure DCE: Hard-Coded Credentials

🔒 Schneider Electric disclosed a hard‑coded credentials vulnerability in EcoStruxure IT Data Center Expert (DCE) that can lead to information disclosure and remote compromise when the SOCKS Proxy feature is enabled. Exploitation requires administrative access plus knowledge of PostgreSQL credentials; SOCKS Proxy is disabled by default. The issue is tracked as CVE‑2025‑13957 with a CVSS v3.1 base score of 7.2. Administrators should apply vendor updates or implement interim mitigations per the vendor handbook.

South Korean Agency Exposes Crypto Wallet Recovery Phrase

🔐 The South Korean National Tax Service inadvertently published the mnemonic recovery phrase for a seized Ledger cold wallet when releasing photos from raids on high‑value tax evaders. The unredacted handwritten note allowed anyone to restore the wallet and transfer assets, and within hours 4 million Pre‑Retogeum (PRTG) tokens—about $4.8 million at the time—were moved out. The incident highlights operational security failures in handling digital evidence and the critical importance of redaction and custody procedures.

Trane Tracer SC Family: Multiple High-Risk Vulnerabilities

⚠️ CISA published an advisory for Trane Tracer SC, Tracer SC+, and Tracer Concierge reporting five vulnerabilities that could lead to information disclosure, arbitrary command execution, or denial-of-service. The issues (CVE-2026-28252 through CVE-2026-28256) include broken cryptography, excessive memory allocation, missing authorization, and hard-coded credentials/constants. Affected builds include Tracer SC < v4.4_SP7 and Tracer SC+/Concierge < v6.3.2310; Trane released Tracer SC+ v6.30.2313 to address these flaws. CISA advises isolating control networks, restricting remote access, applying vendor updates, and following ICS defensive best practices.

Android Mental Health Apps Found with Security Flaws

⚠️ Security researchers found widespread vulnerabilities across ten Android mental-health apps that together exceed 14.7 million installs and could expose highly sensitive therapy and medical data. Oversecured's scans from January 22–23, 2026 identified 1,575 issues — 54 high-, 538 medium-, and 983 low-severity — which could enable credential interception, HTML injection, spoofing, and location leaks. Findings include use of Intent.parseUri() on external input, plaintext API endpoints and hardcoded Firebase URLs, insecure token generation with java.util.Random, and overly permissive local file access.

CISA orders feds to patch Dell RecoverPoint vulnerability

🔐 CISA has directed Federal Civilian Executive Branch agencies to apply fixes within three days for a maximum-severity hardcoded-credential flaw in Dell RecoverPoint (CVE-2026-22769) after active exploitation was observed since mid-2024. Researchers at Mandiant and the Google Threat Intelligence Group link the activity to UNC6201, which deploys multiple payloads including a new Grimbolt backdoor. CISA added the issue to its Known Exploited Vulnerabilities catalog and invoked BOD 22-01 guidance, urging mitigations or product discontinuation if patches are unavailable.

Chinese APT Exploited Dell RecoverPoint Zero-Day Flaw

🔒 Researchers report a China-linked APT exploited a previously unknown vulnerability in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) to achieve unauthenticated root command execution by leveraging hardcoded Apache Tomcat Manager credentials. Google’s Mandiant traced compromises to UNC6201, which deployed web shells and backdoors including BRICKSTORM and the newer GRIMBOLT. Dell released a patch (6.0.3.1 HF1) and a remediation script; customers are urged to upgrade and isolate appliances behind segmented networks.