CWE-798

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers’ installations) in web.config, and can be used to send serialized ASP code.

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

Calibre-Web 0.6.6 allows authentication bypass because of the ‘A0Zr98j/3yX R~XHH!jmN]LWX/,?RT’ hardcoded secret key.