Use of Hard-coded Credentials

CVE-2021-25898

High

7.5/10

Summary

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published Apr 23, 2021

Use of Hard-coded Credentials

CVE-2021-25898

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

ChainAlert

DustiLock

JetBrains IDE