VYPR

CWE-521

Weak Password Requirements

Base · Draft

Description

The product does not require that users should have strong passwords.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70

CVEs mapped to this weakness (85)

page 2 of 5
  • CVE-2018-1000134 · Critical · Mar 16, 2018
    risk 0.57 · cvss 9.8 · epss 0.05

    UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't…

  • CVE-2025-9964 · High · Sep 23, 2025
    risk 0.56 · cvss · epss 0.00

    No password for the root user is set in Novakon P series. This allows physical attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

  • CVE-2025-55299 · Critical · Aug 18, 2025
    risk 0.54 · cvss 9.4 · epss 0.00

    VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that…

  • CVE-2025-55034 · High · Nov 15, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.

  • CVE-2022-39997 · High · Aug 27, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    A weak password requirement issue was discovered in Teldats Router RS123, RS123w that allows a remote attacker to escalate privileges.

  • CVE-2017-9818 · High · Aug 24, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

  • CVE-2018-0204 · High · Feb 22, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit…

  • CVE-2026-33771 · High · Apr 9, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management…

  • CVE-2023-41923 · High · Jul 2, 2024
    risk 0.47 · cvss 7.2 · epss 0.00

    The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.

  • CVE-2018-1101 · High · May 2, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing…

  • CVE-2018-6312 · High · Mar 10, 2018
    risk 0.47 · cvss 7.2 · epss 0.01

    A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead…

  • CVE-2017-6339 · Medium · Apr 5, 2017
    risk 0.46 · cvss 6.5 · epss 0.04

    Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to…

  • CVE-2025-67513 · Medium · Dec 10, 2025
    risk 0.45 · cvss · epss 0.00

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password…

  • CVE-2025-5022 · Medium · Jul 10, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit…

  • CVE-2024-51398 · Medium · Nov 1, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security.

  • CVE-2017-7306 · Medium · Apr 4, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the…

  • CVE-2025-22228 · High · Mar 20, 2025
    risk 0.41 · cvss 7.4 · epss 0.01

    BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

  • CVE-2018-5389 · Medium · Sep 6, 2018
    risk 0.39 · cvss 5.9 · epss 0.03

    The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is…

  • CVE-2024-40684 · Medium · May 27, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default,…

  • CVE-2019-19145 · Medium · Aug 1, 2025
    risk 0.38 · cvss 5.8 · epss 0.00

    Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.