A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can…

CVSS: 7.4 · CWE: CWE-521

View on NVD

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitation appears to be difficult. It is recommended to upgrade the affected componen…

CVSS: 8.1 · CWE: CWE-640

View on NVD

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: 10.0 · CWE: CWE-305

View on NVD

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: 9.4 · CWE: CWE-307

View on NVD

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.

CVSS: 8.2 · CWE: CWE-521

View on NVD

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information.This issue affects Brokerage Automation: before 1.1.71.

CVSS: 8.1 · CWE: CWE-302

View on NVD

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.

CVSS: 9.8 · CWE: CWE-640

View on NVD

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to byp…

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

CVSS: 8.3 · CWE: CWE-521

View on NVD

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

CVSS: 7.0 · CWE: CWE-640

View on NVD

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High). Acknowledgments: Reported by the National Security Agency. Af…

CVSS: 8.1 · CWE: CWE-640

View on NVD

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6.

CVSS: 9.8 · CWE: CWE-640

View on NVD

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.

CVSS: 7.4 · CWE: CWE-200

View on NVD

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.

CVSS: 9.8 · CWE: CWE-640

View on NVD

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

CVSS: 7.5 · CWE: CWE-327

View on NVD

Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.11.

CVSS: 9.8 · CWE: CWE-640

View on NVD

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.

CVSS: 9.8 · CWE: CWE-521

View on NVD

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.

CVSS: 7.5 · CWE: CWE-261

View on NVD

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.

CVSS: 9.8 · CWE: CWE-521

View on NVD

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

CVSS: 7.5 · CWE: CWE-327

View on NVD

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: 9.4 · CWE: CWE-521

View on NVD

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the creation of accounts with passwords as short as a single…

CVSS: 8.8 · CWE: CWE-602

View on NVD

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.

CVSS: 7.5 · CWE: CWE-521

View on NVD

A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges

CVSS: 8.0 · CWE: CWE-521

View on NVD

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.

CVSS: 7.5 · CWE: CWE-916

View on NVD

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.

CVSS: 8.1 · CWE: CWE-640

View on NVD

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.

CVSS: 9.8 · CWE: CWE-640

View on NVD

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vu…

CVSS: 9.8 · CWE: CWE-287

View on NVD

Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.

CVSS: 8.0 · CWE: CWE-640

View on NVD

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and the…

CVSS: 8.0 · CWE: CWE-640

View on NVD

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform…

CVSS: 8.8 · CWE: CWE-640

View on NVD

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.

CVSS: 8.8 · CWE: CWE-521

View on NVD

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.

CVSS: 8.8 · CWE: CWE-640

View on NVD

Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.

CVSS: 8.6 · CWE: CWE-640

View on NVD

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

CVSS: 7.8 · CWE: CWE-640

View on NVD

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.

CVSS: 8.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.

CVSS: 8.8 · CWE: CWE-521

View on NVD

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.

CVSS: 7.5 · CWE: CWE-521

View on NVD

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.  When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apach…

CVSS: 9.8 · CWE: CWE-521

View on NVD

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability…

CVSS: 9.8 · CWE: CWE-640

View on NVD

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVSS: 7.1 · CWE: CWE-521

View on NVD

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Ver…

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.

CVSS: 7.4 · CWE: CWE-307

View on NVD

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.

CVSS: 8.8 · CWE: CWE-521

View on NVD

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of E…

CVSS: 9.8 · CWE: CWE-640

View on NVD

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

CVSS: 9.8 · CWE: CWE-287

View on NVD

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

CVSS: 9.8 · CWE: CWE-287

View on NVD

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.

CVSS: 7.5 · CWE: CWE-327

View on NVD

RuoYi v3.8.3 has a Weak password vulnerability in the management system.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.

CVSS: 9.8 · CWE: CWE-521

View on NVD

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.

CVSS: 8.1 · CWE: CWE-521

View on NVD

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

CVSS: 9.8 · CWE: CWE-521

View on NVD

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts m…

CVSS: 9.6 · CWE: CWE-521

View on NVD

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.

CVSS: 9.8 · CWE: CWE-640

View on NVD

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

CVSS: 7.5 · CWE: CWE-640

View on NVD

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.

CVSS: 7.5 · CWE: CWE-521

View on NVD

Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.

CVSS: 9.0 · CWE: CWE-521

View on NVD

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.

CVSS: 8.1 · CWE: CWE-521

View on NVD

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

CVSS: 9.8 · CWE: CWE-640

View on NVD

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.

CVSS: 7.2 · CWE: CWE-798

View on NVD

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

CVSS: 9.8 · CWE: CWE-640

View on NVD

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vu…

CVSS: 8.8 · CWE: CWE-261

View on NVD

A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.

CVSS: 9.8 · CWE: CWE-521

View on NVD

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.

CVSS: 9.8 · CWE: CWE-307

View on NVD

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

CVSS: 9.8 · CWE: CWE-521

View on NVD

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

CVSS: 9.8 · CWE: CWE-640

View on NVD

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

CVSS: 7.5 · CWE: CWE-521

View on NVD

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).

CVSS: 7.5 · CWE: CWE-521

View on NVD

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack.

CVSS: 9.8 · CWE: CWE-307

View on NVD

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

CVSS: 9.8 · CWE: CWE-521

View on NVD

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.

CVSS: 9.8 · CWE: CWE-521

View on NVD

MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm

CVSS: 7.5 · CWE: CWE-326

View on NVD

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.

CVSS: 7.5 · CWE: CWE-327

View on NVD

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

CVSS: 9.8 · CWE: CWE-640

View on NVD

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword…

CVSS: 8.8 · CWE: CWE-89

View on NVD

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.

CVSS: 9.8 · CWE: CWE-640

View on NVD

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.

CVSS: 9.8 · CWE: CWE-640

View on NVD

A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button

CVSS: 9.8 · CWE: CWE-20

View on NVD

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.

CVSS: 7.2 · CWE: CWE-521

View on NVD

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This v…

CVSS: 8.1 · CWE: CWE-640

View on NVD

Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.

CVSS: 9.8 · CWE: CWE-916

View on NVD

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

CVSS: 9.8 · CWE: CWE-327

View on NVD

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."

CVSS: 9.8 · CWE: CWE-640

View on NVD

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard.…

CVSS: 9.8 · CWE: CWE-521

View on NVD

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-…

CVSS: 9.8 · CWE: CWE-521

View on NVD

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.

CVSS: 7.5 · CWE: CWE-640

View on NVD

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

CVSS: 7.5 · CWE: N/A

View on NVD