hardcoded
Blog
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company’s Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration. It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on…
Blog
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
From the extensions Guo mentioned, SEMRush Rank and PI Rank transmit users’ full browsing domains in plaintext to rank.trellian.com, effectively exposing their web activity. MSN New Tab/Homepage sends a persistent Machine ID, OS version, and extension version using an unencrypted SendPingDetails request, data that can be used to track users across sessions. Additionally, DualSafe Password Manager, while not leaking passwords,…
Blog
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products are used by over 300,000…