VYPR

CWE-521

Weak Password Requirements

BaseDraft

Description

The product does not require that users should have strong passwords.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70

CVEs mapped to this weakness (85)

page 4 of 5
  • CVE-2024-42850Aug 16, 2024
    risk 0.04cvss epss 0.01

    An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

  • CVE-2012-2441Apr 28, 2012
    risk 0.04cvss epss 0.09

    RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH…

  • CVE-2026-27575Feb 25, 2026
    risk 0.00cvss epss 0.00

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes…

  • CVE-2025-65014Nov 18, 2025
    risk 0.00cvss epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create…

  • CVE-2025-11200Oct 29, 2025
    risk 0.00cvss epss 0.01

    MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2025-52997Jun 30, 2025
    risk 0.00cvss epss 0.00

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers…

  • CVE-2025-1474Mar 20, 2025
    risk 0.00cvss epss 0.00

    In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for…

  • CVE-2023-4125Aug 3, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.

  • CVE-2023-31098May 22, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.  When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's…

  • CVE-2023-2160Apr 18, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.

  • CVE-2023-2106Apr 15, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

  • CVE-2023-1753Mar 31, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

  • CVE-2023-0793Feb 12, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

  • CVE-2023-0564Jan 29, 2023
    risk 0.00cvss epss 0.00

    Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.

  • CVE-2023-0569Jan 29, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

  • CVE-2023-0307Jan 15, 2023
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

  • CVE-2022-3754Oct 29, 2022
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

  • CVE-2022-3376Oct 6, 2022
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

  • CVE-2022-3326Sep 28, 2022
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

  • CVE-2022-3179Sep 13, 2022
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.