Use of Hard-coded Credentials

CVE-2021-38461

Medium

6.4/10

Summary

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published Oct 22, 2021

Use of Hard-coded Credentials

CVE-2021-38461

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS