CWE-1391
Use of Weak Credentials
Class · Incomplete
Description
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
Hierarchy (View 1000)
CVEs mapped to this weakness (28)
Page 2 of 2

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-33849 | Med | 0.42 | 6.5 | 0.00 | May 28, 2024 | ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. |
| CVE-2024-21865 | Med | 0.42 | 6.5 | 0.00 | Mar 25, 2024 | HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. |
| CVE-2024-11717 | Med | 0.41 | — | 0.00 | Jan 2, 2025 | Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during token expiration time an on-path attacker might reuse such a token to change the user's password and take over the account. Moreover, the tokens also include the base64-encoded user email. This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in the 3.7.5 release. |
| CVE-2025-22936 | Med | 0.37 | 5.7 | 0.00 | Feb 6, 2025 | An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers. |
| CVE-2026-24449 | Med | 0.30 | 4.6 | 0.00 | Feb 3, 2026 | For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. |
| CVE-2025-4057 | Med | 0.29 | 5.5 | 0.00 | May 26, 2025 | A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. |
| CVE-2025-32471 | Low | 0.24 | 3.7 | 0.00 | Apr 28, 2025 | The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. |
| CVE-2025-1081 | Low | 0.20 | 3.1 | 0.00 | Feb 6, 2025 | A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. |