Total: 178 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38369 | 1 Ibm | 1 Security Access Manager Container | 2024-02-10 | N/A | 7.5 HIGH |
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | |||||
CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. | |||||
CVE-2024-0676 | 1 Lamassu | 4 Douro, Douro Firmware, Douro Ii and 1 more | 2024-02-08 | N/A | 7.1 HIGH |
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack. | |||||
CVE-2023-43016 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-02-07 | N/A | 7.3 HIGH |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | |||||
CVE-2023-2160 | 1 Modoboa | 1 Modoboa | 2023-12-18 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. | |||||
CVE-2023-1753 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | |||||
CVE-2023-0793 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 8.8 HIGH |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2023-12-18 | N/A | 7.5 HIGH |
Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2023-12-08 | N/A | 9.8 CRITICAL |
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | |||||
CVE-2023-29974 | 1 Pfsense | 1 Pfsense | 2023-11-16 | N/A | 9.8 CRITICAL |
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | |||||
CVE-2023-41353 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2023-11-13 | N/A | 8.8 HIGH |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging in to the system, resulting in admin access and the ability to perform arbitrary system operations or disrupt service. | |||||
CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2023-11-08 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | |||||
CVE-2023-3089 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | |||||
CVE-2023-37756 | 1 I-doit | 1 I-doit | 2023-11-07 | N/A | 9.8 CRITICAL |
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack. | |||||
CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2023-11-07 | N/A | 7.5 HIGH |
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | |||||
CVE-2021-35498 | 1 Tibco | 2 Ebx, Product And Service Catalog Powered By Tibco Ebx | 2023-11-07 | 9.3 HIGH | 9.8 CRITICAL |
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. | |||||
CVE-2021-1522 | 1 Cisco | 1 Connected Mobile Experiences | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements. | |||||
CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | |||||
CVE-2019-14833 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2023-11-07 | 4.9 MEDIUM | 5.4 MEDIUM |
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. |