VYPR

CWE-521

Weak Password Requirements

BaseDraft

Description

The product does not require that users should have strong passwords.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70

CVEs mapped to this weakness (85)

page 1 of 5
  • CVE-2026-25715CriFeb 20, 2026
    risk 0.64cvss 9.8epss 0.01

    The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables …

  • CVE-2025-30127CriAug 6, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port…

  • CVE-2025-25211CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.

  • CVE-2024-3263CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.01

    YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks.…

  • CVE-2018-12925CriJun 28, 2018
    risk 0.64cvss 9.8epss 0.01

    Baseon Lantronix MSS devices do not require a password for TELNET access.

  • CVE-2017-1601CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.

  • CVE-2018-1372CriFeb 27, 2018
    risk 0.64cvss 9.8epss 0.02

    IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.

  • CVE-2017-3186CriDec 16, 2017
    risk 0.64cvss 9.8epss 0.06

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.

  • CVE-2017-14189CriNov 29, 2017
    risk 0.64cvss 9.8epss 0.03

    An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.

  • CVE-2017-1221CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.

  • CVE-2017-12861CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.03

    The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"…

  • CVE-2017-9853CriAug 5, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a…

  • CVE-2017-7903CriJun 30, 2017
    risk 0.64cvss 9.8epss 0.03

    A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…

  • CVE-2017-1196CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.

  • CVE-2026-6284CriApr 17, 2026
    risk 0.59cvss 9.1epss 0.00

    An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.

  • CVE-2017-16727CriDec 22, 2017
    risk 0.59cvss 9.1epss 0.02

    A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to…

  • CVE-2026-41038HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user…

  • CVE-2025-34058HigJul 1, 2025
    risk 0.57cvss epss 0.01

    Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the…

  • CVE-2024-25729HigMar 8, 2024
    risk 0.57cvss 8.8epss 0.00

    Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)

  • CVE-2018-15748HigAug 23, 2018
    risk 0.57cvss 8.8epss 0.01

    On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the…