Hardcoded Credentials | writeups.xyz

Title	Vulnerabilities	Programs	Authors
How i Manage to Get Sensitive Informations via docker image	Information Disclosure Hardcoded Credentials	Globe Telecom (Gcash)	Ph.Hitachi
The effectiveness of employing BChecks to uncover significant secrets	Hardcoded Credentials	Undisclosed	Khaled Mohamed (@0xElkomy)
ALWAYS test 404 Not Found in Bug Bounties!	Hardcoded Credentials Reflected XSS	Undisclosed	Viktor Mares
Shipping your Private Key - CVE-2023-43870, Paxton do a Lenovo	Thick Client MiTM Hardcoded Credentials	Paxton	Craig72947 (@Craigsblackie)
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise	Account Takeover Information Disclosure RCE Unrestricted File Upload Stored XSS Arbitrary File Read Local Privilege Escalation Path Traversal DoS IDOR Hardcoded Credentials	PandoraFMS	Oliver Brooks
The ART of Chaining Vulnerabilities	Android WAF Bypass Bruteforce Hardcoded Credentials RCE	Undisclosed	Ahmad Halabi (@Ahmad_Halabi_)
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability	Authentication Bypass Hardcoded Credentials RCE Argument Injection Security Code Review	SonicWall	Adam Crosser
Insecure Authentication Tokens leading to Account Takeover	Account Takeover Android Hardcoded Credentials Weak Crypto Authentication Bypass Client-Side Enforcement of Server-Side Security	Undisclosed	Thomas Delfino
Apache Superset Part II: RCE, Credential Harvesting and More	RCE Insecure Deserialization URL Validation Bypass Broken Authorization Arbitrary File Read Insufficiently Protected Credentials Default Flask Secret Key Hardcoded Credentials	Apache Superset	Naveen Sunkavally
Back to the 90s: Fujitsu “IP series” Real-time Video Transmission Gear Hard Coded Credentials	Hardcoded Credentials	Fujitsu	Adnan Khan (@Adnanthekhan)
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform	Path Traversal Authorization Bypass Hardcoded Credentials Weak Flask Session Secret Account Takeover	Points.com United Airlines Virgin	Ian Carroll (@Iangcarroll) Shubham Shah (@Infosec_au) Sam Curry (@Samwcyo)
iOS App Pentesting and Security with Real-World Case Studies Part 2	IOS Hardcoded Credentials Information Disclosure	Undisclosed	Swaroop Yermalkar (@Swaroopsy)
What is kong & why we’re relying on it	RCE Sandbox Escape Authentication Bypass Hardcoded Credentials Broken Access Control Privilege Escalation JWT	Konga	Laluka (@TheLaluka)
CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution	RCE Default Flask Secret Key Hardcoded Credentials	Apache Superset	Naveen Sunkavally
Default Credentials on Sony- Swag Time	Hardcoded Credentials Information Disclosure	Sony	Arman (@M7arm4n)
The story of becoming a Super Admin	Hardcoded Credentials Account Takeover Information Disclosure	Undisclosed	Ömer Kepenek (@Omer_kepenek)
Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach	Internal Pentest Missing Authentication Hardcoded Credentials Cloud	Undisclosed	WeSecureApp (@Wesecureapp)
WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS	RCE Hardcoded Credentials Privilege Escalation	Western Digital	Pedro Ribeiro (@Pedrib1337) Radek Domanski (@RabbitPro)
YAFPC — Unauthenticated Remote Code Execution	Authentication Bypass Hardcoded Credentials RCE	Undisclosed	Luke Paris
Better Make Sure Your Password Manager Is Secure	Hardcoded Credentials XSS Cryptographic Issues Broken Authorization Authentication Bypass	Click Studios	Kuekerino (@Kuekerino) Ubahnverleih (@Ubahnverleih) Parzel (@Parzel2)
Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys	Android Hardcoded Credentials Client-Side Encryption Bypass	Undisclosed	Aditya Dixit (@Zombie007o)
[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application	Android Hardcoded Credentials IDOR	Undisclosed	Abdelhak Kharroubi
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege	Hardcoded Credentials Security Code Review JWT Privilege Escalation	Cisco	-
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)	Hardcoded Credentials Memory Corruption MiTM Information Disclosure	Baxter Healthcare	Deral Heiland (@Percent_X)
Hacking My Helium Crypto Miner	Hardcoded Credentials Missing Authentication RCE Local Privilege Escalation	Pycom	Md. Asif Hossain (@0x0asif)

Page 1 of 2