Vulnerabilities (CVE)

Filtered by CWE-521
Total 192 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1345 2024-02-28 N/A 6.8 MEDIUM
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
CVE-2023-38369 1 Ibm 1 Security Access Manager Container 2024-02-28 N/A 7.5 HIGH
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.
CVE-2024-0676 1 Lamassu 4 Douro, Douro Firmware, Douro Ii and 1 more 2024-02-28 N/A 7.1 HIGH
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.
CVE-2023-37503 1 Hcltech 1 Hcl Compass 2024-02-28 N/A 9.8 CRITICAL
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
CVE-2023-41353 1 Nokia 2 G-040w-q, G-040w-q Firmware 2024-02-28 N/A 8.8 HIGH
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.
CVE-2023-40707 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-02-28 N/A 7.5 HIGH
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
CVE-2023-37756 1 I-doit 1 I-doit 2024-02-28 N/A 9.8 CRITICAL
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
CVE-2023-4125 1 Answer 1 Answer 2024-02-28 N/A 8.8 HIGH
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
CVE-2023-1753 1 Phpmyfaq 1 Phpmyfaq 2024-02-28 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-3423 1 Fit2cloud 1 Cloudexplorer Lite 2024-02-28 N/A 8.8 HIGH
Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.
CVE-2023-25184 1 Seiko-sol 6 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 3 more 2024-02-28 N/A 7.5 HIGH
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
CVE-2023-34240 1 Fit2cloud 1 Cloudexplorer Lite 2024-02-28 N/A 9.8 CRITICAL
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-3089 1 Redhat 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more 2024-02-28 N/A 7.5 HIGH
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVE-2023-34995 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-02-28 N/A 9.8 CRITICAL
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.
CVE-2023-2060 1 Mitsubishielectric 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more 2024-02-28 N/A 7.5 HIGH
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.
CVE-2023-2160 1 Modoboa 1 Modoboa 2024-02-28 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVE-2023-25072 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2024-02-28 N/A 7.5 HIGH
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.
CVE-2022-45635 1 Megafeis 1 Bofei Dbd\+ 2024-02-28 N/A 7.5 HIGH
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.
CVE-2023-2106 1 Calibre-web Project 1 Calibre-web 2024-02-28 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
CVE-2022-34333 1 Ibm 1 Sterling Order Management 2024-02-28 N/A 7.5 HIGH
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.