Weak Password Requirements
CWE-521

CVE ID | CVSS | Vendor | Exploit | Patch
CVE-2024-7293
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
CVSS 8.8 | Vendor: Progress | Exploit: - | Patch: Patched

CVE-2024-51398
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security.
CVSS 6.5 | Exploit: - | Patch: -

CVE-2024-48272
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.
CVSS 6.5 | Vendor: Dlink | Exploit: - | Patch: -

CVE-2024-48271
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.
CVSS 8.8 | Vendor: Dlink | Exploit: - | Patch: -

CVE-2024-47221
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password.
CVSS 7.5 | Vendor: Rapidscada | Exploit: - | Patch: Patched

CVE-2024-47121
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.
CVSS 5.3 | Exploit: - | Patch: -

CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions.
CVSS 6.5 | Exploit: - | Patch: -

CVE-2024-42850
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
CVSS 9.8 | Vendor: Silverpeas | Exploit: Exploit | Patch: Patched

CVE-2024-41683
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords.
CVSS 5.3 | Vendor: Siemens | Exploit: - | Patch: Patched

CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2024-3735
A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.7 | Exploit: - | Patch: -

CVE-2024-36789
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
CVSS 8.1 | Vendor: Netgear | Exploit: - | Patch: -

CVE-2024-35137
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
CVSS 6.2 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2024-3263
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.
CVSS 9.8 | Exploit: - | Patch: -

CVE-2024-32213
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.
CVSS 5.3 | Vendor: Apache | Exploit: - | Patch: -

CVE-2024-29208
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.
CVSS Low | Vendor: Ubiquiti | Exploit: Exploit | Patch: -

CVE-2024-25729
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
CVSS 8.8 | Vendor: Arris | Exploit: - | Patch: -

CVE-2024-22355
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.
CVSS 5.9 | Vendor: Ibm | Exploit: - | Patch: -

CVE-2024-21865
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
CVSS 6.5 | Exploit: - | Patch: -

CVE-2024-1346
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
CVSS 6.8 | Vendor: Mysql | Exploit: Exploit | Patch: -

CVE-2024-1345
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
CVSS 6.8 | Exploit: - | Patch: -

CVE-2024-0676
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.
CVSS 7.1 | Vendor: Lamassu | Exploit: - | Patch: -

CVE-2024-0347
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.
CVSS 3.7 | Vendor: Engineers online portal project | Exploit: Exploit | Patch: -

CVE-2024-0188
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability.
CVSS 8.1 | Vendor: Nia | Exploit: Exploit | Patch: -

CVE-2023-7053
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.
CVSS 8.8 | Vendor: Phpgurukul | Exploit: Exploit | Patch: -

CVE-2023-50305
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVSS 5.1 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
CVSS 9.8 | Vendor: Gradle | Exploit: - | Patch: Patched

CVE-2023-43016
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.
CVSS 7.3 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2023-41923
The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.
CVSS 7.2 | Vendor: Microsoft | Exploit: - | Patch: -

CVE-2023-41353
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.
CVSS 8.8 | Exploit: - | Patch: -

CVE-2023-4125
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
CVSS 8.8 | Vendor: Answer | Exploit: Exploit | Patch: Patched

CVE-2023-40707
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
CVSS 7.5 | Exploit: - | Patch: -

CVE-2023-40539
Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.
CVSS 5.9 | Vendor: Philips | Exploit: - | Patch: -

CVE-2023-38369
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2023-37756
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
CVSS 9.8 | Vendor: I-doit | Exploit: Exploit | Patch: -

CVE-2023-37503
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
CVSS 9.8 | Vendor: Hcltech | Exploit: - | Patch: Patched

CVE-2023-34995
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is in line with recommended password guidelines.
CVSS 9.8 | Vendor: Piigab | Exploit: - | Patch: -

CVE-2023-3470
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS 6 | Vendor: F5 | Exploit: - | Patch: Patched

CVE-2023-34240
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 9.8 | Vendor: Fit2cloud | Exploit: - | Patch: Patched

CVE-2023-3423
Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.
CVSS 8.8 | Vendor: Fit2cloud | Exploit: Exploit | Patch: Patched

CVE-2023-31098
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.
CVSS 9.8 | Vendor: Apache | Exploit: - | Patch: Patched

CVE-2023-3089
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVSS 7.5 | Vendor: Redhat | Exploit: - | Patch: Patched

CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVSS 9.8 | Vendor: Pfsense | Exploit: - | Patch: -

CVE-2023-25184
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-25072
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-24049
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.
CVSS 9.8 | Vendor: Connectize | Exploit: - | Patch: -

CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen.
CVSS 8.8 | Vendor: Kiwitcms | Exploit: - | Patch: Patched

CVE-2023-2160
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 9.8 | Vendor: Modoboa | Exploit: Exploit | Patch: Patched

CVE-2023-2106
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVSS 9.8 | Vendor: Calibre-web project | Exploit: Exploit | Patch: Patched

CVE-2023-1753
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVSS 9.8 | Vendor: Phpmyfaq | Exploit: Exploit | Patch: Patched

CVE-2023-0793
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVSS 8.8 | Vendor: Phpmyfaq | Exploit: Exploit | Patch: Patched

CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability.
CVSS 9.1 | Vendor: Employee leaves management system project | Exploit: Exploit | Patch: -

CVE-2023-0569
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
CVSS 6.5 | Vendor: Publify project | Exploit: - | Patch: Patched

CVE-2023-0564
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
CVSS 7.5 | Vendor: Froxlor | Exploit: Exploit | Patch: Patched

CVE-2023-0307
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS 9.8 | Vendor: Phpmyfaq | Exploit: - | Patch: Patched

CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.
CVSS 7.5 | Vendor: Megafeis | Exploit: Exploit | Patch: -

CVE-2022-45482
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 9.8 | Exploit: - | Patch: -

CVE-2022-44236
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.
CVSS 9.8 | Vendor: Zed-3 | Exploit: Exploit | Patch: -

CVE-2022-43030
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPHP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges.
CVSS 7.2 | Vendor: Siyucms | Exploit: Exploit | Patch: -

CVE-2022-41969
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.
CVSS 2.7 | Vendor: Nextcloud | Exploit: - | Patch: Patched

CVE-2022-39997
A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges.
CVSS 8 | Exploit: - | Patch: -

CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVSS 9.8 | Vendor: Phpmyfaq | Exploit: Exploit | Patch: Patched

CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.
CVSS 9.8 | Vendor: Ontrack project | Exploit: - | Patch: -

CVE-2022-37163
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.
CVSS 9.8 | Exploit: - | Patch: -

CVE-2022-37158
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
CVSS 9.8 | Vendor: Iocoder | Exploit: Exploit | Patch: -

CVE-2022-36301
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.
CVSS 7.5 | Vendor: Bosch | Exploit: - | Patch: Patched

CVE-2022-35280
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.
CVSS 9.8 | Vendor: Ibm | Exploit: - | Patch: -

CVE-2022-35198
Contract Management System v2.0 contains a weak default password which gives attackers access to database connection information.
CVSS 7.5 | Vendor: Contract management system project | Exploit: Exploit | Patch: -

CVE-2022-35143
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.
CVSS 9.8 | Vendor: Raneto project | Exploit: Exploit | Patch: Patched

CVE-2022-34772
Tabit - password enumeration. The password for the Tabit system is a 4-digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.
CVSS 8.8 | Vendor: Tabit | Exploit: - | Patch: -

CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
CVSS 9.8 | Vendor: Mealie | Exploit: - | Patch: -

CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2022-3376
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVSS 5.3 | Vendor: Ikus-soft | Exploit: Exploit | Patch: Patched

CVE-2022-3326
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.
CVSS 4.3 | Vendor: Ikus-soft | Exploit: Exploit | Patch: Patched

CVE-2022-3268
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVSS 9.8 | Vendor: Ikus-soft | Exploit: Exploit | Patch: Patched

CVE-2022-32513
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
CVSS HIGH | Exploit: - | Patch: Patched

CVE-2022-3179
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVSS 8.8 | Vendor: Ikus-soft | Exploit: Exploit | Patch: Patched

CVE-2022-31211
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
CVSS 9.8 | Exploit: Exploit | Patch: -

CVE-2022-30325
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network.
CVSS 8.8 | Vendor: Trendnet | Exploit: - | Patch: -

CVE-2022-29729
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.
CVSS 7.5 | Vendor: Verizon | Exploit: Exploit | Patch: Patched

CVE-2022-29700
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
CVSS 7.5 | Vendor: Zammad | Exploit: - | Patch: Patched

CVE-2022-2927
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVSS 9.8 | Vendor: Notrinos | Exploit: Exploit | Patch: Patched

CVE-2022-29098
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
CVSS 7.5 | Vendor: Dell | Exploit: - | Patch: Patched

CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU).
CVSS 7.5 | Vendor: Verizon | Exploit: Exploit | Patch: Patched

CVE-2022-27558
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.
CVSS 7.5 | Vendor: Hcltech | Exploit: - | Patch: Patched

CVE-2022-26117
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
CVSS 8.8 | Vendor: Fortinet | Exploit: - | Patch: Patched

CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
CVSS 7.5 | Vendor: Daybydaycrm | Exploit: - | Patch: Patched

CVE-2022-2098
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
CVSS 9.8 | Vendor: Kromit | Exploit: Exploit | Patch: Patched

CVE-2022-1775
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
CVSS 9.8 | Vendor: Trudesk project | Exploit: Exploit | Patch: Patched

CVE-2022-1668
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
CVSS 9.8 | Vendor: Secheron | Exploit: - | Patch: -

CVE-2022-1236
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
CVSS 6.5 | Vendor: Weseek | Exploit: - | Patch: Patched

CVE-2022-1039
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password.
CVSS 9.8 | Vendor: Redlion | Exploit: - | Patch: -

CVE-2021-43471
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.
CVSS 7.5 | Vendor: Canon | Exploit: Exploit | Patch: -

CVE-2021-43036
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
CVSS 9.8 | Vendor: Kaseya | Exploit: Exploit | Patch: Patched

CVE-2021-41696
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
CVSS 6.5 | Vendor: Globaldatingsoftware | Exploit: Exploit | Patch: -

CVE-2021-41296
ECOA BAS controller uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
CVSS 9.8 | Vendor: Ecoa | Exploit: - | Patch: -

CVE-2021-40520
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
CVSS 9.8 | Vendor: Airangel | Exploit: Exploit | Patch: -

CVE-2021-40333
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CVSS 7.1 | Vendor: Hitachienergy | Exploit: - | Patch: Patched

CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
CVSS 7.5 | Vendor: Zkteco | Exploit: - | Patch: -

CVE-2021-39064
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched