Common Weakness Enumeration

CWE-1394

Allowed

Use of Default Cryptographic Key

Abstraction: Base · Status: Incomplete

The product uses a default cryptographic key for potentially critical functionality.

32 vulnerabilities reference this CWE, most recent first.

GHSA-697W-W949-FHM4

Vulnerability from github – Published: 2025-12-02 12:30 – Updated: 2025-12-02 12:30
VLAI
Details

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T11:15:51Z",
    "severity": "CRITICAL"
  },
  "details": "Sprecher Automations SPRECON-E series\u00a0uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.",
  "id": "GHSA-697w-w949-fhm4",
  "modified": "2025-12-02T12:30:28Z",
  "published": "2025-12-02T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41744"
    },
    {
      "type": "WEB",
      "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6CJP-89M2-82W2

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:17Z",
    "severity": "LOW"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation.",
  "id": "GHSA-6cjp-89m2-82w2",
  "modified": "2024-11-22T21:32:18Z",
  "published": "2024-11-22T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11619"
    },
    {
      "type": "WEB",
      "url": "https://github.com/macrozheng/mall/issues/880"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.285842"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.285842"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.444666"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-83MR-XXCJ-W7X3

Vulnerability from github – Published: 2025-09-09 21:30 – Updated: 2025-09-09 21:30
VLAI
Details

Use of Default Cryptographic Key (CWE-1394)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T19:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "Use of Default Cryptographic Key (CWE-1394)",
  "id": "GHSA-83mr-xxcj-w7x3",
  "modified": "2025-09-09T21:30:27Z",
  "published": "2025-09-09T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55049"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-867W-FFWP-RH44

Vulnerability from github – Published: 2026-02-06 00:30 – Updated: 2026-02-06 00:30
VLAI
Details

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-05T22:15:54Z",
    "severity": "LOW"
  },
  "details": "Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers\u0027 installations). NOTE: the Supplier\u0027s position is that the instance of CWE-1394 is not a vulnerability because customers \"are supposed to enable\" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the \"Managing FortiGates with private data encryption\" document, and is therefore intentionally not a default option.",
  "id": "GHSA-867w-ffwp-rh44",
  "modified": "2026-02-06T00:30:26Z",
  "published": "2026-02-06T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25815"
    },
    {
      "type": "WEB",
      "url": "https://docs.fortinet.com/document/fortimanager/7.6.6/administration-guide/30332/managing-fortigates-with-private-data-encryption"
    },
    {
      "type": "WEB",
      "url": "https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH3R-QC65-HPFH

Vulnerability from github – Published: 2024-11-04 03:30 – Updated: 2024-11-04 03:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-04T01:15:03Z",
    "severity": "LOW"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Cosmote Greece What\u0027s Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-ch3r-qc65-hpfh",
  "modified": "2024-11-04T03:30:39Z",
  "published": "2024-11-04T03:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10748"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What\u0027s%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.282917"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.282917"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.432429"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F7MQ-68Q8-XQV6

Vulnerability from github – Published: 2026-04-23 18:33 – Updated: 2026-05-05 15:31
VLAI
Details

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-23T18:16:30Z",
    "severity": "MODERATE"
  },
  "details": "TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.",
  "id": "GHSA-f7mq-68q8-xqv6",
  "modified": "2026-05-05T15:31:34Z",
  "published": "2026-04-23T18:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5039"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QX6M-HH7F-72HF

Vulnerability from github – Published: 2025-12-02 12:30 – Updated: 2025-12-02 12:30
VLAI
Details

Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41742"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T11:15:51Z",
    "severity": "CRITICAL"
  },
  "details": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.",
  "id": "GHSA-qx6m-hh7f-72hf",
  "modified": "2025-12-02T12:30:28Z",
  "published": "2025-12-02T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41742"
    },
    {
      "type": "WEB",
      "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGWP-J8MQ-FHC5

Vulnerability from github – Published: 2025-03-04 09:30 – Updated: 2025-03-04 09:30
VLAI
Details

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions.",
  "id": "GHSA-rgwp-j8mq-fhc5",
  "modified": "2025-03-04T09:30:40Z",
  "published": "2025-03-04T09:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26849"
    },
    {
      "type": "WEB",
      "url": "https://docs.docusnap.com/en/release-notes/changelog"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFXW-PRHR-FVHH

Vulnerability from github – Published: 2026-04-08 21:33 – Updated: 2026-04-08 21:33
VLAI
Details

Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T19:25:12Z",
    "severity": "MODERATE"
  },
  "details": "Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts.",
  "id": "GHSA-vfxw-prhr-fvhh",
  "modified": "2026-04-08T21:33:32Z",
  "published": "2026-04-08T21:33:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20709"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00609.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W92R-FPR6-76RV

Vulnerability from github – Published: 2024-12-09 21:31 – Updated: 2024-12-11 18:30
VLAI
Details

Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-1394"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-09T19:15:13Z",
    "severity": "CRITICAL"
  },
  "details": "Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.",
  "id": "GHSA-w92r-fpr6-76rv",
  "modified": "2024-12-11T18:30:41Z",
  "published": "2024-12-09T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48956"
    },
    {
      "type": "WEB",
      "url": "https://security.serviceware-se.com/CVE-2024-48956"
    },
    {
      "type": "WEB",
      "url": "https://serviceware-se.com/platform/serviceware-processes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.