Total
249 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36689 | 1 Samourai-wallet-android Project | 1 Samourai-wallet-android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.
|
|||||
| CVE-2021-35498 | 1 Tibco | 2 Ebx, Product And Service Catalog Powered By Tibco Ebx | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, ...
Show More |
|||||
| CVE-2021-32753 | 1 Edgexfoundry | 1 Edgex Foundry | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
|
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password a ...
Show More |
|||||
| CVE-2021-28914 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access.
|
|||||
| CVE-2021-28912 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access.
|
|||||
| CVE-2021-26797 | 1 Hametech | 2 Hame Sd1 Wi-fi, Hame Sd1 Wi-fi Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.
|
|||||
| CVE-2021-25923 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
|
|||||
| CVE-2021-25839 | 1 Minthcm | 1 Minthcm | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
|
|||||
| CVE-2021-25309 | 1 Gigaset | 2 Dx600a, Dx600a Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.
|
|||||
| CVE-2021-20470 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.
|
|||||
| CVE-2021-20418 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
|
|||||
| CVE-2021-1522 | 1 Cisco | 1 Connected Mobile Experiences | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API requ ...
Show More |
|||||
| CVE-2020-9023 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
|
|||||
| CVE-2020-8988 | 1 Voatz | 1 Voatz | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
|
|||||
| CVE-2020-8956 | 2 Microsoft, Pulsesecure | 2 Windows, Pulse Secure Desktop | 2024-11-21 | 1.9 LOW | 3.3 LOW |
|
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.
|
|||||
| CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack.
|
|||||
| CVE-2020-8632 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
|
|||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
|
|||||
| CVE-2020-7940 | 1 Plone | 1 Plone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
|
|||||
| CVE-2020-7519 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
|
|||||
| CVE-2020-7492 | 1 Schneider-electric | 1 Gp-pro Ex Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.
|
|||||
| CVE-2020-6995 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
|
|||||
| CVE-2020-6991 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
|
|||||
| CVE-2020-4574 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.
|
|||||
| CVE-2020-4245 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423.
|
|||||
| CVE-2020-29591 | 1 Docker | 1 Registry | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-27587 | 1 Quickheal | 1 Total Security | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
|
|||||
| CVE-2020-27585 | 1 Quickheal | 1 Total Security | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.
|
|||||
| CVE-2020-26201 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
|
|||||
| CVE-2020-26103 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
|
|||||
| CVE-2020-25153 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
|
|||||
| CVE-2020-15369 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
|
|||||
| CVE-2020-15115 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.
|
|||||
| CVE-2020-11966 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to b ...
Show More |
|||||
| CVE-2020-11925 | 1 Luvion | 2 Grand Elite 3 Connect, Grand Elite 3 Connect Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.
|
|||||
| CVE-2020-11624 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since ma ...
Show More |
|||||
| CVE-2019-9950 | 1 Westerndigital | 18 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My C ...
Show More |
|||||
| CVE-2019-9123 | 1 Dlink | 2 Dir-825 Rev.b, Dir-825 Rev.b Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
|
|||||
| CVE-2019-9096 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
|
|||||
| CVE-2019-7676 | 1 Enphase | 1 Envoy | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
|
|||||