CWE-521: Weak Password Requirements
246 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-521 (page 4 of 5)
- CVE-2023-3089 | HIGH | CVSS 7.0 | EG 7.0 | 2023-07-05
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
- CVE-2023-31043 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-23
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_c…
- CVE-2023-31098 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-05-22
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attac…
- CVE-2023-3423 | HIGH | CVSS 8.8 | EG 6.5 | 2023-06-27
Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.2.0.
- CVE-2023-34240 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-27
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of c…
- CVE-2023-3470 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-08-02
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or …
- CVE-2023-34995 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-07
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.
- CVE-2023-35907 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2023-37398 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2023-37503 | HIGH | CVSS 8.1 | EG 8.1 | 2023-10-19
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
- CVE-2023-37756 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-14
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
- CVE-2023-38369 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-02-07
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.
- CVE-2023-40707 | HIGH | CVSS 8.6 | EG 8.6 | 2023-08-24
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
- CVE-2023-4125 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-03
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
- CVE-2023-41353 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-03
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin a…
- CVE-2023-41923 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-02
The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.
- CVE-2023-43016 | HIGH | CVSS 7.3 | EG 7.3 | 2024-02-03
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account w…
- CVE-2023-49238 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-01-09
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon th…
- CVE-2023-49883 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-10-01
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2023-50305 | MEDIUM | CVSS 5.1 | EG 5.1 | 2024-03-01
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
- CVE-2023-7053 | LOW | CVSS 3.1 | EG 3.1 | 2023-12-22
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The a…
- CVE-2024-0188 | LOW | CVSS 3.1 | EG 3.1 | 2024-01-02
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It i…
- CVE-2024-0347 | LOW | CVSS 3.7 | EG 3.7 | 2024-01-09
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak passw…
- CVE-2024-0676 | MEDIUM | CVSS 5.6 | EG 5.6 | 2024-01-30
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and c…
- CVE-2024-1345 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-02-19
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
- CVE-2024-1346 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-02-19
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
- CVE-2024-22068 | MEDIUM | CVSS 6.0 | EG 6.0 | 2024-10-10
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: …
- CVE-2024-22330 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-06-06
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2024-22355 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-03-03
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 do not require that users should have strong passwords by default, which makes it easier for attackers to compromise user acc…
- CVE-2024-25729 | HIGH | CVSS 8.8 | EG 8.8 | 2024-03-08
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
- CVE-2024-29208 | LOW | CVSS 2.2 | EG 2.2 | 2024-05-07
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) …
- CVE-2024-32213 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-05-01
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.
- CVE-2024-3263 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-14
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and en…
- CVE-2024-35137 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-06-28
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
- CVE-2024-36789 | HIGH | CVSS 8.1 | EG 8.1 | 2024-06-07
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
- CVE-2024-3735 | LOW | CVSS 3.7 | EG 3.7 | 2024-04-13
A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads t…
- CVE-2024-40684 | MEDIUM | CVSS 5.9 | EG 5.9 | 2026-05-27
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users sh…
- CVE-2024-40697 | HIGH | CVSS 7.5 | EG 7.5 | 2024-08-13
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
- CVE-2024-41683 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-08-13
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user password…
- CVE-2024-41778 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-01
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2024-42173 | MEDIUM | CVSS 4.8 | EG 4.8 | 2025-01-11
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known.
- CVE-2024-42850 | CRITICAL | CVSS 9.8 | EG 4.3 | 2024-08-16
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
- CVE-2024-45374 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-26
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt …
- CVE-2024-47121 | MEDIUM | CVSS 5.3 | EG 6.5 | 2024-09-26
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and u…
- CVE-2024-47221 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-22
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password.
- CVE-2024-48271 | HIGH | CVSS 8.8 | EG 8.8 | 2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.
- CVE-2024-48272 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-30
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.
- CVE-2024-48845 | CRITICAL | CVSS 9.4 | EG 9.4 | 2024-12-05
Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS S…
- CVE-2024-51398 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-01
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security.
- CVE-2024-7293 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-09
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.