CWE-521: CWE-521
All CWE-521 CVEs (73)
IBM Maximo Asset Management 7.6.1.2 does not enforce strong password policies by default, allowing weak passwords that can be easily guessed or brute-...
Feb 18, 2022

Daybyday CRM versions 1.1 through 2.2.0 allow users to set extremely weak passwords (including single-character passwords) when updating their credent...
Jan 5, 2022

IBM Cognos Analytics versions 11.1.7 and 11.2.0 have a weak default password policy that doesn't enforce strong passwords. This makes user accounts vu...
Dec 3, 2021

CVE-2021-38133 is an external service interaction vulnerability in OpenText eDirectory that allows attackers to force the server to make unauthorized ...
Sep 12, 2024

This vulnerability in the Schule school management system allows attackers to brute-force 4-digit OTP codes due to the limited keyspace of only 9000 p...
May 22, 2025

This CVE describes weak password requirements in phpMyFAQ versions prior to 3.1.11, allowing attackers to more easily guess or brute-force user passwo...
Feb 12, 2023

This vulnerability allows attackers to bypass authentication on Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units via brute-force attacks due to ...
Aug 26, 2025

Apache Fineract versions through 1.10.1 have weak password requirements that allow attackers to set or maintain easily guessable passwords. This affec...
Dec 12, 2025

This vulnerability allows attackers within Wi-Fi range to derive passwords from SSIDs in Mitsubishi EcoGuideTAB photovoltaic monitors. If the air cond...
Jul 10, 2025

IBM Transformation Extender Advanced 10.0.1 does not enforce strong password requirements by default, allowing attackers to more easily guess or brute...
Oct 1, 2025

IBM Aspera Faspex versions 5.0.0 through 5.0.10 do not enforce strong password policies by default, allowing attackers to more easily compromise user ...
Jan 29, 2025

This CVE describes a man-in-the-middle (MITM) vulnerability in the Clone module that could allow attackers to intercept and potentially modify communi...
Jan 14, 2026

This vulnerability in Tenda AC18 routers allows attackers to exploit weak password requirements in the Samba configuration file. Attackers can potenti...
Jul 26, 2025

In MLflow versions 2.18, administrators can create user accounts without setting passwords, violating secure account management practices. This vulner...
Mar 20, 2025

The goTenna Pro App uses weak passwords for sharing encryption keys via RF broadcast, allowing attackers who capture the broadcast to potentially brut...
Sep 26, 2024

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via RF broadcast, allowing attackers who capture the broadcast to potenti...
Sep 26, 2024

This vulnerability in Siemens Location Intelligence products allows attackers to perform brute force attacks against user passwords due to weak passwo...
Aug 13, 2024

HCL MyXalytics has an improper password policy vulnerability that allows attackers to guess or brute-force passwords when usernames are known. This af...
Jan 11, 2025

This vulnerability allows users who are required to change their password to access system information before completing the password change. This aff...
May 12, 2025

A weak password policy vulnerability in LibreNMS allows administrators to create user accounts with extremely weak passwords like '12345678'. This exp...
Nov 18, 2025

HCL AION version 2 has a weak password policy vulnerability that allows users to set easily guessable passwords. This could enable attackers to gain u...
Jan 19, 2026

This vulnerability in Beetel 777VR1 routers allows attackers with physical access to bypass weak password requirements via the UART interface. It affe...
Jan 25, 2026

FreePBX Endpoint Manager versions before 16.0.96 and 17.0.1 through 17.0.9 have a weak default password (app_password) that is a 6-digit numeric value...
Dec 10, 2025

About CWE-521 (CWE-521)
Our database tracks 73 CVEs classified as CWE-521, with 33 rated critical and 23 rated high severity. The average CVSS score for CWE-521 vulnerabilities is 8.1.
External reference: View CWE-521 on MITRE CWE →