Use of Hard-coded Credentials

CVE-2013-6276

High

9.8/10

Summary

** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published Aug 09, 2021

Use of Hard-coded Credentials

CVE-2013-6276

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

DustiLock

KICS SaaS

CodeBashing