CWE-521
Weak Password Requirements
Description
The product does not require that users should have strong passwords.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70
CVEs mapped to this weakness (85)
Page 4 of 5

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-42850 | 0.04 | — | 0.01 | Aug 16, 2024 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. |
| CVE-2012-2441 | 0.04 | — | 0.09 | Apr 28, 2012 | RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH… |
| CVE-2026-27575 | 0.00 | — | 0.00 | Feb 25, 2026 | Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes… |
| CVE-2025-65014 | 0.00 | — | 0.00 | Nov 18, 2025 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create… |
| CVE-2025-11200 | 0.00 | — | 0.01 | Oct 29, 2025 | MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the… |
| CVE-2025-52997 | 0.00 | — | 0.00 | Jun 30, 2025 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers… |
| CVE-2025-1474 | 0.00 | — | 0.00 | Mar 20, 2025 | In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for… |
| CVE-2023-4125 | 0.00 | — | 0.01 | Aug 3, 2023 | Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. |
| CVE-2023-31098 | 0.00 | — | 0.01 | May 22, 2023 | Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's… |
| CVE-2023-2160 | 0.00 | — | 0.01 | Apr 18, 2023 | Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. |
| CVE-2023-2106 | 0.00 | — | 0.01 | Apr 15, 2023 | Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. |
| CVE-2023-1753 | 0.00 | — | 0.01 | Mar 31, 2023 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. |
| CVE-2023-0793 | 0.00 | — | 0.01 | Feb 12, 2023 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
| CVE-2023-0564 | 0.00 | — | 0.00 | Jan 29, 2023 | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. |
| CVE-2023-0569 | 0.00 | — | 0.01 | Jan 29, 2023 | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. |
| CVE-2023-0307 | 0.00 | — | 0.01 | Jan 15, 2023 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. |
| CVE-2022-3754 | 0.00 | — | 0.01 | Oct 29, 2022 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. |
| CVE-2022-3376 | 0.00 | — | 0.01 | Oct 6, 2022 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. |
| CVE-2022-3326 | 0.00 | — | 0.01 | Sep 28, 2022 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. |
| CVE-2022-3179 | 0.00 | — | 0.01 | Sep 13, 2022 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. |