CWE-521— Weak Password Requirements

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single char…

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authentic…

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary incl…

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account co…

Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 G…

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Version…

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information.

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.

RuoYi v3.8.3 has a Weak password vulnerability in the management system.

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making …

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much ea…

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against th…

Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can…

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H…

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument…

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to a…

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This …

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.

Electra Central AC unit – The unit opens an AP with an easily calculated password.

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge …

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.