Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17444 | 1 Jfrog | 1 Artifactory | 2020-10-20 | 9.8 Critical |
| Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. | ||||
| CVE-2019-3758 | 1 Rsa | 1 Archer | 2020-10-16 | 9.8 Critical |
| RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | ||||
| CVE-2020-26103 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 High |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | ||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2020-09-18 | 8.8 High |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | ||||
| CVE-2019-4698 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 7.5 High |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929. | ||||
| CVE-2019-7674 | 1 Mobotix | 2 S14, S14 Firmware | 2020-08-24 | N/A |
| An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user. | ||||
| CVE-2019-9950 | 1 Westerndigital | 18 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 15 more | 2020-08-24 | N/A |
| Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user. | ||||
| CVE-2019-7676 | 1 Enphase | 1 Envoy | 2020-08-24 | N/A |
| A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. | ||||
| CVE-2019-18988 | 1 Teamviewer | 1 Teamviewer | 2020-08-24 | 7.0 High |
| TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system. | ||||
| CVE-2019-18828 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2020-08-24 | 6.8 Medium |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. | ||||
| CVE-2018-1956 | 1 Ibm | 1 Security Identity Manager | 2020-08-24 | N/A |
| IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628. | ||||
| CVE-2018-1680 | 1 Ibm | 1 Security Privileged Identity Manager | 2020-08-24 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. | ||||
| CVE-2018-15766 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-08-24 | N/A |
| On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | ||||
| CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2020-08-20 | 5.3 Medium |
| In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | ||||
| CVE-2020-11624 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2020-07-29 | 9.8 Critical |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. | ||||
| CVE-2020-7519 | 1 Schneider-electric | 1 Easergy Builder | 2020-07-27 | 7.5 High |
| A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | ||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | ||||
| CVE-2020-7492 | 1 Schneider-electric | 1 Gp-pro Ex Firmware | 2020-06-24 | 6.5 Medium |
| A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. | ||||
| CVE-2019-4576 | 2 Ibm, Linux | 2 Qradar Network Packet Capture, Linux Kernel | 2020-06-16 | 9.8 Critical |
| IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803. | ||||
| CVE-2020-4245 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2020-05-28 | 7.5 High |
| IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. | ||||