VYPR

CWE-521

Weak Password Requirements

BaseDraft

Description

The product does not require that users should have strong passwords.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70

CVEs mapped to this weakness (85)

page 5 of 5
  • CVE-2022-2927Aug 22, 2022
    risk 0.00cvss epss 0.01

    Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.

  • CVE-2022-35143Aug 4, 2022
    risk 0.00cvss epss 0.01

    Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

  • CVE-2022-22110Jan 5, 2022
    risk 0.00cvss epss 0.01

    In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to…

  • CVE-2020-15115Aug 6, 2020
    risk 0.00cvss epss 0.01

    etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.

  • CVE-2020-7940Jan 23, 2020
    risk 0.00cvss epss 0.01

    Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.