CVE-2020-11720
CRITICALbilanc < 014_31.01.2020 - Use of Hard-coded Credentials
Title source: llmDescription
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/34
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html
Scores
CVSS v3
9.8
EPSS
0.0183
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
bilanc/bilanc
< 014_31.01.2020
Published
Dec 23, 2020
Tracked Since
Feb 18, 2026