VYPR

CWE-521

Weak Password Requirements

BaseDraft

Description

The product does not require that users should have strong passwords.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70

CVEs mapped to this weakness (85)

page 3 of 5
  • CVE-2017-1386 · Med · Jul 31, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

  • CVE-2025-8182 · Med · Jul 26, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The…

  • CVE-2017-7150 · Med · Oct 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

  • CVE-2018-16703 · Med · Sep 7, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to…

  • CVE-2026-11493 · Med · Jun 8, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A…

  • CVE-2017-7305 · Med · Apr 4, 2017
    risk 0.30 · cvss 4.6 · epss 0.00

    Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability.…

  • CVE-2025-46742 · Med · May 12, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Users who were required to change their password could still access system information before changing their password.

  • CVE-2026-35646 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated…

  • CVE-2026-35628 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to…

  • CVE-2026-35623 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to…

  • CVE-2025-11322 · Low · Oct 6, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The…

  • CVE-2025-8549 · Low · Aug 5, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to…

  • CVE-2025-4534 · Low · May 11, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high.…

  • CVE-2024-3735 · Low · Apr 13, 2024
    risk 0.24 · cvss 3.7 · epss 0.01

    A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is…

  • CVE-2026-9394 · Low · May 24, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network.…

  • CVE-2025-55252 · Low · Jan 19, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access.

  • CVE-2025-10320 · Low · Sep 12, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of…

  • CVE-2024-29208 · Low · May 7, 2024
    risk 0.14 · cvss 2.2 · epss 0.00

    An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version…

  • CVE-2026-1408 · Low · Jan 25, 2026
    risk 0.13 · cvss 2.0 · epss 0.00

    A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack…

  • CVE-2026-34203 · Low · Mar 31, 2026
    risk 0.11 · cvss 2.7 · epss 0.00

    Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty…