Common Weakness Enumeration

CWE-321

Allowed

Use of Hard-coded Cryptographic Key

Abstraction: Variant · Status: Draft

The product uses a hard-coded, unchangeable cryptographic key.

503 vulnerabilities reference this CWE, most recent first.

GHSA-RGW8-CV8P-CRP3

Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33
VLAI
Details

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T19:21:23Z",
    "severity": "MODERATE"
  },
  "details": "The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802.",
  "id": "GHSA-rgw8-cv8p-crp3",
  "modified": "2025-10-21T21:33:40Z",
  "published": "2025-10-21T21:33:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shinyColumn/CVE-2025-56802"
    },
    {
      "type": "WEB",
      "url": "https://shinycolumn.notion.site/reolink-aes-key"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHX6-VJ26-2FRQ

Vulnerability from github – Published: 2025-10-25 00:30 – Updated: 2025-10-25 00:30
VLAI
Details

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device's integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-24T23:15:46Z",
    "severity": "HIGH"
  },
  "details": "Deck Mate 2\u0027s firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit\u0027s USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device\u0027s integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.",
  "id": "GHSA-rhx6-vj26-2frq",
  "modified": "2025-10-25T00:30:39Z",
  "published": "2025-10-25T00:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34500"
    },
    {
      "type": "WEB",
      "url": "https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-insecure-update-chain"
    },
    {
      "type": "WEB",
      "url": "https://www.wired.com/story/card-shuffler-hack"
    },
    {
      "type": "WEB",
      "url": "https://www.wired.com/story/how-hacked-card-shufflers-allegedly-enabled-a-mob-fueled-poker-scam-that-rocked-the-nba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RJM6-GXHW-JXMP

Vulnerability from github – Published: 2024-11-22 04:25 – Updated: 2024-11-22 04:25
VLAI
Details

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T02:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.",
  "id": "GHSA-rjm6-gxhw-jxmp",
  "modified": "2024-11-22T04:25:03Z",
  "published": "2024-11-22T04:25:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45837"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN41397971"
    },
    {
      "type": "WEB",
      "url": "https://www.aiphone.net/important/20241016_1"
    },
    {
      "type": "WEB",
      "url": "https://www.aiphone.net/important/20241016_2"
    },
    {
      "type": "WEB",
      "url": "https://www.aiphone.net/support/software-documents/ix"
    },
    {
      "type": "WEB",
      "url": "https://www.aiphone.net/support/software-documents/ixg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJRP-832P-5V8P

Vulnerability from github – Published: 2023-06-27 03:30 – Updated: 2024-04-04 05:11
VLAI
Details

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-27T02:15:09Z",
    "severity": "HIGH"
  },
  "details": "The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the \u0027lock_content_form_handler\u0027 and \u0027display_password_form\u0027 function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.",
  "id": "GHSA-rjrp-832p-5v8p",
  "modified": "2024-04-04T05:11:46Z",
  "published": "2023-06-27T03:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3371"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L231"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L278"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/Gutenberg/block-backend/block-embedpress.php#L30"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2930523/embedpress#file10"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2930523/embedpress#file28"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RVV9-GRWC-5C44

Vulnerability from github – Published: 2025-08-04 18:30 – Updated: 2025-11-03 21:34
VLAI
Details

RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-44963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T17:15:30Z",
    "severity": "CRITICAL"
  },
  "details": "RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.",
  "id": "GHSA-rvv9-grwc-5c44",
  "modified": "2025-11-03T21:34:19Z",
  "published": "2025-08-04T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44963"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44963"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/613753"
    },
    {
      "type": "WEB",
      "url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/613753"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RWHW-R234-9P3M

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-01T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init\u0027s deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.",
  "id": "GHSA-rwhw-r234-9p3m",
  "modified": "2022-05-13T01:13:59Z",
  "published": "2022-05-13T01:13:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10896"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:3050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:3644"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:3898"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-10896"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/cloud-init/+bug/1781094"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574338"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598831"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RX74-P2RX-RWPQ

Vulnerability from github – Published: 2025-11-25 06:33 – Updated: 2025-11-25 06:33
VLAI
Details

"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-25T05:16:12Z",
    "severity": "MODERATE"
  },
  "details": "\"FOD\" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.",
  "id": "GHSA-rx74-p2rx-rwpq",
  "modified": "2025-11-25T06:33:12Z",
  "published": "2025-11-25T06:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64304"
    },
    {
      "type": "WEB",
      "url": "https://help.fod.fujitv.co.jp/hc/ja/articles/48337068747033"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN63368617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-V23F-Q7R3-X5CJ

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-03-01 03:30
VLAI
Details

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.",
  "id": "GHSA-v23f-q7r3-x5cj",
  "modified": "2023-03-01T03:30:29Z",
  "published": "2022-05-24T16:56:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10990"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V536-8HRH-RXX4

Vulnerability from github – Published: 2025-09-30 12:30 – Updated: 2025-09-30 12:30
VLAI
Details

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachments. As a result, unauthenticated attackers can forge a valid token to gain elevated privileges and upload an arbitrary file (e.g. a PHP script) through the image handler, leading to remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-30T11:37:46Z",
    "severity": "CRITICAL"
  },
  "details": "The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachments. As a result, unauthenticated attackers can forge a valid token to gain elevated privileges and upload an arbitrary file (e.g. a PHP script) through the image handler, leading to remote code execution.",
  "id": "GHSA-v536-8hrh-rxx4",
  "modified": "2025-09-30T12:30:52Z",
  "published": "2025-09-30T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8625"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/copypress-rest-api/#developers"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3045c9e5-4095-48e5-8d9d-16a091e69d54?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V5JG-GM3Q-H894

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-06T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.",
  "id": "GHSA-v5jg-gm3q-h894",
  "modified": "2022-05-13T01:03:36Z",
  "published": "2022-05-13T01:03:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7574"
    },
    {
      "type": "WEB",
      "url": "https://os-s.net/advisories/OSS-2017-02.pdf"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97518"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Prevention schemes mirror that of hard-coded password storage.

No CAPEC attack patterns related to this CWE.