CVE-2020-1764

HIGH Year: 2020
CVSS v3 Score
8.6
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-321
View all →

Vulnerability Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Related Vulnerabilities

CVE-2020-7846

HIGH
CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH
CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021

CVE-2022-0664

HIGH
CVSS:8.8(High)

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CWE-3212022

CVE-2022-20868

HIGH
CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker...

CWE-3212022

CVE-2022-23650

HIGH
CVSS:8.8(High)

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can...

CWE-3212022

CVE-2023-20038

HIGH
CVSS:8.8(High)

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credenti...

CWE-3212023