Vulnerabilities (CVE)

Filtered by CWE-521
Total 213 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7306 1 Riverbed 1 Rios 2025-04-20 1.9 LOW 6.4 MEDIUM
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs
CVE-2017-12861 1 Epson 1 Easymp 2025-04-20 7.5 HIGH 9.8 CRITICAL
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device
CVE-2017-7305 1 Riverbed 1 Rios 2025-04-20 2.1 LOW 4.6 MEDIUM
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs
CVE-2017-16727 1 Moxa 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more 2025-04-20 6.4 MEDIUM 9.1 CRITICAL
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
CVE-2017-7150 1 Apple 1 Mac Os X 2025-04-20 2.1 LOW 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.
CVE-2017-9853 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2017-1386 1 Ibm 2 Api Connect, Api Management 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
CVE-2017-1221 1 Ibm 1 Bigfix Platform 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
CVE-2023-27272 2025-04-15 N/A 3.1 LOW
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.
CVE-2012-2441 1 Siemens 1 Ruggedcom Rugged Operating System 2025-04-11 8.5 HIGH N/A
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
CVE-2025-25749 1 Digitaldruid 1 Hoteldruid 2025-04-07 N/A 7.1 HIGH
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
CVE-2025-27663 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-04-01 N/A 9.8 CRITICAL
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
CVE-2025-25211 2025-04-01 N/A 9.8 CRITICAL
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
CVE-2023-0569 1 Publify Project 1 Publify 2025-03-28 N/A 6.5 MEDIUM
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
CVE-2024-21865 2025-03-28 N/A 6.5 MEDIUM
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
CVE-2025-1474 1 Lfprojects 1 Mlflow 2025-03-27 N/A 5.5 MEDIUM
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
CVE-2024-1345 1 Laborofficefree 1 Laborofficefree 2025-03-24 N/A 6.8 MEDIUM
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
CVE-2024-1346 1 Laborofficefree 1 Laborofficefree 2025-03-24 N/A 6.8 MEDIUM
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
CVE-2024-47221 1 Rapidscada 1 Rapid Scada 2025-03-19 N/A 7.5 HIGH
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password.
CVE-2019-18988 1 Teamviewer 1 Teamviewer 2025-03-14 4.4 MEDIUM 7.0 HIGH
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.