CWE-259(Use of Hard-coded Password)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | ICS/OT | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-11552 | 2026-06-08 | A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unkn… |
| CVE-2026-11515 | 2026-06-08 | A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the c… |
| CVE-2026-35905 | 2026-06-04 | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. |
| CVE-2026-22055 | 2026-06-03 | Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. |
| CVE-2026-22054 | 2026-06-03 | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. |
| CVE-2026-7251 | 2026-05-26 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full … |
| CVE-2026-8032 | 2026-05-06 | A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY… |
| CVE-2026-7579 | 2026-05-01 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The … |
| CVE-2026-6610 | 2026-04-20 | A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulat… |
| CVE-2026-6578 | 2026-04-19 | A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of … |
| CVE-2026-6574 | 2026-04-19 | A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation … |
| CVE-2025-57175 | 2026-04-08 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. |
| CVE-2025-7741 | 2026-03-30 | Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the … |
| CVE-2026-4993 | 2026-03-28 | A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to ha… |
| CVE-2026-4475 | 2026-03-20 | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded crede… |
| CVE-2026-4219 | 2026-03-16 | A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/… |
| CVE-2026-4216 | 2026-03-16 | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. T… |
| CVE-2025-59388 | 2026-03-12 | A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed… |
| CVE-2025-70041 | 2026-03-11 | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. |
| CVE-2025-70802 | 2026-03-10 | Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-08-01 | — | 1.0 | — | added/updated white box definitions |
| 2008-08-15 | — | 1.0 | — | Suggested OWASP Top Ten 2004 mapping |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description, Potential_Mitigations |
| 2008-11-13 | CWE Content Team | 1.1 | — | Significant description modifications to emphasize different variants. |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations, Relationships |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Potential_Mitigations |
| 2009-07-17 | KDM Analytics | 1.5 | — | Improved the White_Box_Definition |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Demonstrative_Examples, Related_Attack_Patterns, White_Box_Definitions |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Applicable_Platforms |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Detection_Factors, Potential_Mitigations |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Relationships |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Demonstrative_Examples |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Demonstrative_Examples |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Related_Attack_Patterns |
| 2017-05-03 | CWE Content Team | 2.11 | — | updated Related_Attack_Patterns |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, White_Box_Definitions |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships, Type |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples, Maintenance_Notes |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Demonstrative_Examples, Observed_Examples, References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Applicable_Platforms, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Common_Consequences, Description, Diagram, Maintenance_Notes, Other_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships |