Vulnerabilities (CVE)

Filtered by CWE-521
Total 167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0347 1 Engineers Online Portal Project 1 Engineers Online Portal 2024-03-21 2.6 LOW 3.7 LOW
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.
CVE-2024-0188 1 Nia 1 Rrj Nueva Ecija Engineer Online Portal 2024-03-21 2.1 LOW 8.1 HIGH
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability.
CVE-2023-7053 1 Phpgurukul 1 Online Notes Sharing System 2024-03-21 2.6 LOW 8.8 HIGH
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.
CVE-2023-0641 1 Employee Leaves Management System Project 1 Employee Leaves Management System 2024-03-21 2.6 LOW 9.1 CRITICAL
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability.
CVE-2020-11966 1 Evenroute 2 Iqrouter, Iqrouter Firmware 2024-03-21 7.5 HIGH 9.8 CRITICAL
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
CVE-2017-9853 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2024-03-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2017-7306 1 Riverbed 1 Rios 2024-03-21 1.9 LOW 6.4 MEDIUM
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs
CVE-2017-7305 1 Riverbed 1 Rios 2024-03-21 2.1 LOW 4.6 MEDIUM
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs
CVE-2023-50305 1 Ibm 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access 2024-03-07 N/A 5.1 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVE-2024-22355 2024-03-04 N/A 5.9 MEDIUM
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.
CVE-2024-1345 2024-02-20 N/A 6.8 MEDIUM
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
CVE-2024-1346 2024-02-20 N/A 6.8 MEDIUM
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
CVE-2023-49238 1 Gradle 1 Enterprise 2024-02-16 N/A 9.8 CRITICAL
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
CVE-2023-38369 1 Ibm 1 Security Access Manager Container 2024-02-10 N/A 7.5 HIGH
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.
CVE-2020-4574 1 Ibm 1 Security Key Lifecycle Manager 2024-02-09 5.0 MEDIUM 7.5 HIGH
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.
CVE-2024-0676 1 Lamassu 4 Douro, Douro Firmware, Douro Ii and 1 more 2024-02-08 N/A 7.1 HIGH
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.
CVE-2023-43016 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2024-02-07 N/A 7.3 HIGH
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.
CVE-2023-2160 1 Modoboa 1 Modoboa 2023-12-18 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVE-2023-1753 1 Phpmyfaq 1 Phpmyfaq 2023-12-18 N/A 9.8 CRITICAL
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-0793 1 Phpmyfaq 1 Phpmyfaq 2023-12-18 N/A 8.8 HIGH
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.