CWE-521
Weak Password Requirements
Description
The product does not require that users should have strong passwords.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70
CVEs mapped to this weakness (85)
Page 5 of 5

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2927 | | | 0.00 | — | 0.01 | | Aug 22, 2022 | Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. |
| CVE-2022-35143 | | — | 0.00 | — | 0.01 | | Aug 4, 2022 | Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. |
| CVE-2022-22110 | | | 0.00 | — | 0.01 | | Jan 5, 2022 | In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to… |
| CVE-2020-15115 | | | 0.00 | — | 0.01 | | Aug 6, 2020 | etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. |
| CVE-2020-7940 | | — | 0.00 | — | 0.01 | | Jan 23, 2020 | Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. |