High
CVE-2022-3179
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.
Tag: Weak Credentials
All CVEs associated with "Weak Credentials". Page 2/2 • 181 CVEs.
Subscribe CVEs: RSS for “Weak Credentials” · RSS (High+Critical only)
About “Weak Credentials”
A curated feed of “Weak Credentials”-related CVEs appears below. We currently track 181 CVEs for this tag (all time). In the last 365 days, 46 were published. Average CVSS is 7.1 (all time; 6.0 over 365d), and 56% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-640 - Weak Password Recovery Mechanism for Forgotten Password, CWE-521 - Weak Password Requirements, CWE-916 - Use of Password Hash With Insufficient Computational Effort.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-09-13
2022-09-12
Critical
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. A…
2022-09-08
Critical
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed wi…
Critical
CVE-2022-37163
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are…
2022-09-07
High
CVE-2022-35513
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
2022-08-25
Critical
CVE-2022-37158
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
2022-08-22
Critical
CVE-2022-2927
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
2022-08-19
Critical
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
2022-08-04
Critical
CVE-2022-35143
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.
2022-06-16
Critical
CVE-2022-2098
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
2022-06-01
High
CVE-2022-29098
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially e…
2022-05-20
Critical
CVE-2022-1775
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
2022-04-20
Critical
CVE-2022-1039
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be acce…
2022-04-15
Critical
CVE-2022-27157
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
2022-04-05
Medium
CVE-2022-1236
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
2022-03-21
Medium
CVE-2022-23348
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
2022-03-01
Medium
CVE-2022-25012
Argus Surveillance DVR v4.0 employs weak password encryption.
High
CVE-2022-0777
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
2022-01-05
High
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such…
2021-12-09
Medium
CVE-2021-41696
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
2021-12-02
Critical
CVE-2021-40333
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affec…
2021-09-09
Medium
CVE-2021-28914
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an…
2021-06-24
High
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of t…
2021-06-11
Critical
CVE-2021-22763
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for…
2021-06-09
High
CVE-2020-15382
Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time.
2021-05-26
Critical
CVE-2021-22731
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HT…
2021-04-30
High
CVE-2021-21507
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remot…
2021-04-26
Critical
CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
2021-03-02
Critical
CVE-2021-25309
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password p…
2020-12-10
Critical
CVE-2020-26201
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to t…
2020-09-03
Critical
CVE-2020-25105
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).
2020-07-23
High
CVE-2020-7519
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
2020-06-16
Medium
CVE-2020-7492
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not…
2020-05-07
High
CVE-2019-18872
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).
2020-05-04
Critical
CVE-2020-8790
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could…
2020-03-24
Critical
CVE-2020-6991
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
Critical
CVE-2020-6995
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unau…
2020-02-12
High
CVE-2013-7286
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
2019-12-30
High
CVE-2019-20138
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.
2019-11-26
Critical
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
2019-08-22
High
CVE-2019-12385
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any dat…
2019-05-02
Critical
CVE-2018-16988
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires…
2019-04-17
Critical
CVE-2019-10641
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
2019-03-25
Critical
CVE-2017-7342
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
2019-02-09
High
CVE-2019-7676
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
2018-12-20
High
CVE-2018-1000812
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 4…
2018-10-18
Medium
CVE-2018-1518
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.
2018-08-01
Critical
CVE-2018-10618
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
2018-04-04
Medium
CVE-2018-1447
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of…
2017-12-17
Critical
CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
2017-09-11
Critical
CVE-2015-4689
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."
2017-08-05
Critical
CVE-2017-9853
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set…
2017-06-30
Critical
CVE-2017-7903
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 17…
2017-05-27
High
CVE-2017-7731
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
2010-12-17
Low
CVE-2010-2603
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute…
2009-08-13
Low
CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and cus…
2004-03-03
High
CVE-2004-0082
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could…
2003-12-31
Medium
CVE-2003-1457
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
2002-12-31
High
CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
2001-07-20
Medium
CVE-2001-1354
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or u…
1999-01-25
High
CVE-1999-0352
ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.