Filtered by CWE-521
Total 174 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40333 1 Hitachienergy 4 Fox615, Fox615 Firmware, Xcm20 and 1 more 2021-12-07 7.1 High
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CVE-2021-38462 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2021-10-22 9.8 Critical
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 do not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords, impersonate other application users, and perform operations on their behalf.
CVE-2021-41296 1 Ecoa 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more 2021-10-07 9.8 Critical
ECOA BAS controller uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system.
CVE-2021-28914 1 Bab-technologie 2 Eibport, Eibport Firmware 2021-09-22 6.5 Medium
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced. This is usable as part of an attack chain to gain SSH root access.
CVE-2021-28912 1 Bab-technologie 2 Eibport, Eibport Firmware 2021-09-20 7.2 High
BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique, hard-coded and weak root SSH key passphrase known as 'eibPort string'. This is usable as the final part of an attack chain to gain SSH root access.
CVE-2018-6312 1 Foxconn 2 Ap-fc4064-t, Ap-fc4064-t Firmware 2021-09-09 7.2 High
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.
CVE-2020-15369 1 Broadcom 1 Fabric Operating System 2021-08-23 8.8 High
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
CVE-2021-20418 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2021-08-19 9.8 Critical
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
CVE-2020-8790 1 Oklok Project 1 Oklok 2021-07-21 9.8 Critical
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack.
CVE-2020-8988 1 Voatz 1 Voatz 2021-07-21 5.9 Medium
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
CVE-2020-9023 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2021-07-21 9.8 Critical
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
CVE-2021-32753 1 Edgexfoundry 1 Edgex Foundry 2021-07-14 6.5 Medium
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in EdgeX Edinburgh release. The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the `security-proxy-setup` tool to create OAuth2 users.
CVE-2021-25923 1 Open-emr 1 Openemr 2021-06-30 8.1 High
OpenEMR versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements because they do not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, they can leverage it for an account takeover.
CVE-2021-25839 1 Minthcm 1 Minthcm 2021-05-06 9.8 Critical
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker.
CVE-2021-26797 1 Hametech 2 Hame Sd1 Wi-fi, Hame Sd1 Wi-fi Firmware 2021-05-06 9.8 Critical
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to gain system administrator access through an open Telnet service.
CVE-2020-25153 1 Moxa 2 Nport Iaw5000a-i/o, Nport Iaw5000a-i/o Firmware 2020-12-23 7.5 High
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
CVE-2020-29591 1 Docker 1 Registry 2020-12-15 9.8 Critical
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-27585 1 Quickheal 1 Total Security 2020-12-04 4.4 Medium
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive antivirus settings via a brute-force attack on the settings password.
CVE-2020-27587 1 Quickheal 1 Total Security 2020-12-01 6.7 Medium
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
CVE-2020-8956 2 Microsoft, Pulsesecure 2 Windows, Pulse Secure Desktop 2020-10-27 3.3 Low
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.