Vulnerabilities (CVE)

Filtered by CWE-521
Total 192 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7492 1 Schneider-electric 1 Gp-pro Ex Firmware 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.
CVE-2020-15115 2 Fedoraproject, Redhat 2 Fedora, Etcd 2024-02-28 5.0 MEDIUM 7.5 HIGH
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.
CVE-2019-19093 1 Hitachienergy 1 Esoms 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
CVE-2020-6995 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
CVE-2019-9096 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
CVE-2019-18988 1 Teamviewer 1 Teamviewer 2024-02-28 4.4 MEDIUM 7.0 HIGH
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.
CVE-2011-4931 2 Debian, Gpw Project 2 Debian Linux, Gpw 2024-02-28 5.0 MEDIUM 7.5 HIGH
gpw generates shorter passwords than required
CVE-2019-18828 1 Barco 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more 2024-02-28 7.2 HIGH 6.8 MEDIUM
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.
CVE-2019-4565 1 Ibm 1 Security Key Lifecycle Manager 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
CVE-2019-19747 1 Neuvector 1 Neuvector 2024-02-28 7.5 HIGH 9.8 CRITICAL
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).
CVE-2020-8632 3 Canonical, Debian, Opensuse 3 Cloud-init, Debian Linux, Leap 2024-02-28 2.1 LOW 5.5 MEDIUM
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
CVE-2019-14833 3 Fedoraproject, Opensuse, Samba 3 Fedora, Leap, Samba 2024-02-28 4.9 MEDIUM 5.4 MEDIUM
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.
CVE-2019-19690 2 Google, Trendmicro 2 Android, Mobile Security 2024-02-28 7.5 HIGH 9.8 CRITICAL
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
CVE-2020-9023 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
CVE-2020-7940 1 Plone 1 Plone 2024-02-28 5.0 MEDIUM 7.5 HIGH
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
CVE-2019-7488 1 Sonicwall 1 Email Security Appliance 2024-02-28 7.5 HIGH 9.8 CRITICAL
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.
CVE-2020-8988 1 Voatz 1 Voatz 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
CVE-2019-4321 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
CVE-2019-13918 1 Siemens 1 Sinema Remote Connect Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE-2019-4067 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2024-02-28 5.0 MEDIUM 7.5 HIGH
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.