CWE-521

Weak Password Requirements

Parent: CWE-1391 - Use of Weak Credentials

The product does not require that users should have strong passwords.

257 vulnerabilities with CWE-521
CVE-2018-19064 CRITICAL
Foscam C2/Opticam i5 - Info Disclosure
CVSS 9.8
CVE-2018-15766 HIGH
Dell Encryption <10.0.1 - Info Disclosure
CVSS 7.5
CVE-2018-16703 MEDIUM
Gleez CMS 1.2.0 - Unauthenticated User Enumeration and Brute-Force Attack via Login Page
CVSS 5.3
CVE-2018-5389 MEDIUM
Internet Key Exchange v1 - Weak Pre-Shared Key Vulnerability via Offline Dictionary Attack
CVSS 5.9
CVE-2018-15748 HIGH
Dell 2335dn Printer Firmware - Authenticated Password Disclosure via Email Settings Page
CVSS 8.8
CVE-2018-12925 CRITICAL
Baseon Lantronix MSS - Info Disclosure
CVSS 9.8
CVE-2018-1101 HIGH
Ansible Tower <3.2.4 - Privilege Escalation
CVSS 7.2
CVE-2018-1000134 CRITICAL
UnboundID LDAP SDK - Incorrect Access Control
CVSS 9.8
CVE-2018-6312 HIGH
Foxconn femtocell FEMTO AP-FC4064-T - Weak Default Password
CVSS 7.2
CVE-2018-1372 CRITICAL
IBM Security Guardium Big Data Intelligence - Info Disclosure
CVSS 9.8
CVE-2018-0204 HIGH
Cisco Prime Collaboration Provisioning - Unauthenticated Denial of Service via Repeated Bad Login Attempts
CVSS 7.5
CVE-2017-18857 CRITICAL
NETGEAR Insight <2.42 - Info Disclosure
CVSS 9.8
CVE-2017-1597 MEDIUM
IBM Security Guardium - Info Disclosure
CVSS 5.9
CVE-2017-9818 HIGH
BHIM 1.3 - Weak Password Requirements
CVSS 7.5
CVE-2017-1601 CRITICAL
IBM Security Guardium <10.1.5 - Info Disclosure
CVSS 9.8
CVE-2017-16727 CRITICAL
Moxa NPort W2150A <1.11, Moxa NPort W2250A <1.11 - Info Disclosure
CVSS 9.1
CVE-2017-3186 CRITICAL
ACTi D, B, I, and E series cameras >=A1D-500-V6.11.31-AC - Unauthenticated Remote Control via Default Credentials
CVSS 9.8
CVE-2017-14189 CRITICAL
Fortinet FortiWebManager 5.8.0 - Info Disclosure
CVSS 9.8
CVE-2017-1221 CRITICAL
IBM Tivoli Endpoint Manager - Info Disclosure
CVSS 9.8
CVE-2017-7150 MEDIUM
macOS < 10.12.6 - Unauthenticated Password Extraction via Synthetic Click
CVSS 5.5
CVE-2017-12861 CRITICAL
Epson EasyMP - Unauthenticated Brute-Force Attack via 4-Digit Code
CVSS 9.8
CVE-2017-9853 CRITICAL
SMA Solar Technology - Info Disclosure
CVSS 9.8
CVE-2017-1386 MEDIUM
IBM API Connect 5.0.0.0 - Auth Bypass
CVSS 5.9
CVE-2017-7903 CRITICAL
Rockwellautomation 1763-l16awa Series A < 16.000 - Weak Encryption
CVSS 9.8
CVE-2017-1196 CRITICAL
IBM BigFix Compliance <1.9.70 - Info Disclosure
CVSS 9.8
Details
Vulnerabilities 257
Links
MITRE CWE Entry Search this CWE With Exploits