CVE-2020-6984

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable...

CVE-2020-11826

Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...

CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...

CVE-2019-19690

Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...

CVE-2019-0179

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0175

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0181

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0178

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0183

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0182

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0177

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2019-0180

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2025-47781

CVE-2025-47781 targets Rallly, an open-source scheduling tool. A 6-digit login token with weak entropy and no brute-force protection lets an unauthenticated attacker, knowing a valid email, brute-force the token within 15 minutes, potentially taking over the user’s account. Affected versions: up ...

Siemens Siveillance Video

SUMMARY The installer of Siveillance Video V2024 R1 resets the system configuration password when updating from older versions of Siveillance Video. This could inadvertently remove the password protection from system configuration files, also affecting backup data sets that were created after...

CVE-2025-24007

The CVE-2025-24007 issue affects Siemens SIRIUS 3RK3 Modular Safety System (MSS) and SIRIUS Safety Relays 3SK2 (all versions). The root cause is weak password obfuscation enabling an attacker with network access to retrieve and de-obfuscate the safety password used for protection against inadvert...

PT-2025-20848 · Siemens · Sirius 3Rk3 Modular Safety System +1

Name of the Vulnerable Software and Affected Versions: SIRIUS 3RK3 Modular Safety System MSS All versions SIRIUS Safety Relays 3SK2 All versions Description: A vulnerability has been identified where affected devices only provide weak password obfuscation. An attacker with network access could...

Siemens SIRIUS

SUMMARY SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems only provide weak password obfuscation. An attacker with access to the PROFINET or serial interface of the device could eavesdrop or read the stored password from the device and de-obfuscate it. The safety passwords work as...

CVE-2025-46750 Authentication Bypass

SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set...

Ensure That the Password Protection Is Configured in Single-User Mode

You can edit the GRUB startup menu and add the s or single command to the Linux startup command line to enter the single-user mode, which is an emergency rescue mode. In this mode, system data can be modified. For example, users can change the password of the root user. In this case, the password...

CVE-2025-3927 CVE-2025-3927

Digigram's PYKO-OUT audio-over-IP AoIP web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices...