CVE Daily
← All tags

Tag: Default Credentials

All CVEs associated with "Default Credentials". Page 5/5 • 518 CVEs.

Subscribe CVEs: RSS for “Default Credentials”  ·  RSS (High+Critical only)

About “Default Credentials”

A curated feed of “Default Credentials”-related CVEs appears below. We currently track 518 CVEs for this tag (all time). In the last 365 days, 100 were published. Average CVSS is 8.4 (all time; 8.0 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1392 - Use of Default Credentials, CWE-798 - Use of Hard-coded Credentials, CWE-1393 - Use of Default Password.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2008-03-10
Critical

CVE-2008-1256

The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.

CVSS: 10.0 CWE: N/A View on NVD
2008-01-23
Critical

CVE-2008-0029

Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.

CVSS: 10.0 CWE: CWE-255 View on NVD
2007-12-06
Medium

CVE-2007-6260

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the inst…

CVSS: 6.8 CWE: CWE-255 View on NVD
2007-10-30
Medium

CVE-2007-5714

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitr…

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
2007-09-06
Critical

CVE-2007-4746

The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surve…

CVSS: 9.0 CWE: CWE-264 View on NVD
2007-08-30
Medium

CVE-2007-4598

IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.

CVSS: 4.6 CWE: CWE-255 View on NVD
2007-08-13
Medium

CVE-2007-4316

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.

CVSS: 4.3 CWE: N/A View on NVD
2007-06-27
Critical

CVE-2007-3465

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.

CVSS: 10.0 CWE: N/A View on NVD
2007-04-26
Critical

CVE-2007-2282

Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and…

CVSS: 10.0 CWE: N/A View on NVD
2006-12-23
High

CVE-2006-6718

The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.

CVSS: 7.5 CWE: N/A View on NVD
2006-09-09
High

CVE-2006-4652

(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-26
High

CVE-2006-2044

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.

CVSS: 7.5 CWE: N/A View on NVD
2006-03-06
Medium

CVE-2006-1009

M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access.

CVSS: 4.6 CWE: N/A View on NVD
2006-02-22
High

CVE-2006-0834

Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as…

CVSS: 7.5 CWE: N/A View on NVD
2006-01-12
High

CVE-2006-0181

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the…

CVSS: 7.2 CWE: N/A View on NVD
2005-12-07
High

CVE-2005-4045

Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (…

CVSS: 7.5 CWE: N/A View on NVD
2005-10-23
High

CVE-2005-3280

Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2005-10-14
Medium

CVE-2005-3196

Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.

CVSS: 4.6 CWE: N/A View on NVD
2005-09-20
High

CVE-2005-2998

PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files.

CVSS: 7.5 CWE: N/A View on NVD
2005-08-16
High

CVE-2005-2584

The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.

CVSS: 7.2 CWE: N/A View on NVD
2005-05-02
High

CVE-2005-0601

Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain acces…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-0865

Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.

CVSS: 7.5 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-1591

The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remo…

CVSS: 7.5 CWE: N/A View on NVD
2004-11-23
Critical

CVE-2004-0311

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unautho…

CVSS: 10.0 CWE: N/A View on NVD
2004-03-23
High

CVE-2004-1884

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

CVSS: 7.5 CWE: N/A View on NVD
2003-12-31
Low

CVE-2003-1225

The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.

CVSS: 2.1 CWE: N/A View on NVD
2002-12-31
High

CVE-2002-1769

Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.

CVSS: 7.5 CWE: N/A View on NVD
2002-10-28
High

CVE-2002-1229

Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2002-08-12
Critical

CVE-2002-0774

Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.

CVSS: 10.0 CWE: N/A View on NVD
2002-05-31
Medium

CVE-2002-0305

Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.

CVSS: 5.0 CWE: N/A View on NVD
2001-09-20
High

CVE-2001-0645

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC fr…

CVSS: 7.5 CWE: N/A View on NVD
2001-05-24
High

CVE-2001-1428

The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.

CVSS: 7.5 CWE: N/A View on NVD
2001-04-10
High

CVE-2001-1424

Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.

CVSS: 7.5 CWE: N/A View on NVD
2000-01-31
Critical

CVE-2000-0109

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

CVSS: 10.0 CWE: N/A View on NVD
1999-12-31
High

CVE-1999-1355

BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and po…

CVSS: 7.5 CWE: N/A View on NVD
1999-12-23
High

CVE-2000-0038

glFtpD includes a default glftpd user account with a default password and a UID of 0.

CVSS: 7.5 CWE: N/A View on NVD
1999-09-16
High

CVE-1999-0954

WWWBoard has a default username and default password.

CVSS: 7.5 CWE: N/A View on NVD
1999-08-03
High

CVE-1999-0677

The WebRamp web administration utility has a default password.

CVSS: 7.5 CWE: N/A View on NVD