Total: 192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1680 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. | |||||
CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
CVE-2019-3758 | 1 Rsa | 1 Archer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | |||||
CVE-2019-9950 | 1 Westerndigital | 18 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 15 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user. | |||||
CVE-2017-9818 | 1 Npci | 1 Bharat Interface For Money (bhim) | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access. | |||||
CVE-2018-18562 | 1 Roche | 8 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Base Unit Hub and 5 more | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface. | |||||
CVE-2018-15719 | 1 Opendental | 1 Opendental | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | |||||
CVE-2018-15766 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows users to bypass any existing policy for password length and potentially create an insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | |||||
CVE-2018-19064 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. | |||||
CVE-2019-7676 | 1 Enphase | 1 Envoy | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can log in via TCP port 8888 with the admin password for the admin account. | |||||
CVE-2017-1597 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. | |||||
CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | |||||
CVE-2018-15748 | 1 Dell | 4 2335dn, 2335dn Engine Firmware, 2335dn Network Firmware and 1 more | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. | |||||
CVE-2018-1956 | 1 Ibm | 1 Security Identity Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628. | |||||
CVE-2019-7674 | 1 Mobotix | 2 S14, S14 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | |||||
CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||
CVE-2018-1372 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | |||||
CVE-2017-1601 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | |||||
CVE-2018-1000134 | 1 Pingidentity | 1 Ldapsdk | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
UnboundID LDAP SDK, from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6 (where the issue was reported and fixed), contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn't check for an empty password when running in synchronous mode (commit with the applied fix: https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd). This can result in the ability to impersonate any valid user. The attack appears to be exploitable by providing a valid username and an empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed after commit 8471904a02438c03965d21367890276bc25fa5a6. | |||||
CVE-2018-0204 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by using a brute-force attack (Repeated Bad Login Attempts). A successful exploit could allow the attacker to restrict user access. Manual administrative intervention is required to restore access. Cisco Bug IDs: CSCvd07264. |