Vue Vben Admin Hardcoded Credentials Vulnerability Allowing Unauthorized Backend Login

Vulnerability

A vulnerability in Vue Vben Admin version 2.10.1 allows unauthorized access to the backend due to hardcoded credentials. This issue can be exploited by retrieving the embedded login information from the JavaScript source code of the application.

Impact

Exploitation of this vulnerability allows for unauthorized login to the backend, potentially leading to unauthorized access to sensitive data or administrative functions.

Reproduction

To reproduce this vulnerability, access the login page of the affected Vue Vben Admin application. Right-click to view the source code and search for the 'index' JavaScript file. The hardcoded login credentials can be found in this file. Once the credentials are identified, use them to log into the system. This vulnerability can also be verified in bulk using the Fofa search engine by searching for the hardcoded icon hash.
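On the defensive side, a build step can catch this class of mistake before release by scanning the emitted bundles for string literals assigned to credential-like keys. The following is an added example, not code from Vue Vben Admin or from this advisory; the key names, file names and sample bundle contents are assumptions constructed for illustration.

```javascript
// Added example: build gate that flags credential-like literals in emitted bundles.
// Key names and the sample bundles are assumptions, not Vue Vben Admin's own code.
const KEY_LITERAL =
  /\b(password|passwd|pwd|secret|account|username)\b["']?\s*[:=]\s*(["'`])((?:\\.|(?!\2).)*)\2/gi;

// Report only the length, so the scan log does not become a second leak.
function redact(value) {
  return `<${value.length} chars redacted>`;
}

// Return one finding per non-empty string literal assigned to a credential-like key.
function findHardcodedCredentials(bundleSource, fileName) {
  const findings = [];
  for (const m of bundleSource.matchAll(KEY_LITERAL)) {
    if (m[3].length === 0) continue; // an empty default is the safe case
    findings.push({
      file: fileName,
      key: m[1].toLowerCase(),
      offset: m.index,
      value: redact(m[3]),
    });
  }
  return findings;
}

// files: { name: source } for every emitted chunk, including the entry "index" chunk.
function scanBuild(files) {
  return Object.entries(files).flatMap(([name, src]) =>
    findHardcodedCredentials(src, name));
}

// Constructed sample bundles (not real project output).
const SAMPLE_BUILD = {
  'assets/index-prefilled.js':
    'const f=reactive({account:"demo-user",password:"CONSTRUCTED-pass",captcha:""});',
  'assets/index-empty.js':
    'const f=reactive({account:"",password:"",captcha:""});login({password:f.password});',
};

const findings = scanBuild(SAMPLE_BUILD);
for (const f of findings) {
  console.log(`${f.file}@${f.offset}: ${f.key} = ${f.value}`);
}
console.log(findings.length ? 'FAIL: credential literals in bundle' : 'OK');
```

Findings need a human look, since a translated form label assigned to one of these keys would also match. Removing a literal from the bundle does not invalidate it, so the account it belonged to still needs its password changed.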

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.