144 matches found

Cvelist
added 2024/06/14 12:0 a.m. · 20 views

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...

0.00301 EPSS
Exploits 0 · References 2
OSV
added 2024/06/06 12:26 p.m. · 8 views

CGA-PWQ3-MQJC-MVX6

Bulletin has no description...

5.9 CVSS · 6.6 AI score · 0.01001 EPSS
Exploits 0
Hacker One
added 2024/03/28 11:19 a.m. · 8 views

passhash: Missing policies for password in password_policies.go

Summary: Some missing policies to consider adding. Policies: 1. Password History - There is no policy implemented for password history requirements. This will be for preventing users from reusing their previous passwords. 2. Strong password - There are no checks for strong password requirements like...

5.9 AI score
Exploits 0
GithubExploit
added 2024/02/04 1:40 a.m. · 308 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...

9.8 CVSS · 9.6 AI score · 0.95086 EPSS
Exploits 8
Veracode
added 2024/01/13 1:49 p.m. · 23 views

Incorrect Authorization

openstack-keystone is vulnerable to Incorrect Authorization. The vulnerability is caused due to a flaw where only the first 72 characters of an application secret are verified. This allows attackers to bypass some password complexity which administrators may be counting on leading to compromising...

7.4 CVSS · 6.8 AI score · 0.01319 EPSS
Exploits 1 · References 6 · Affected Software 1
Kitploit
added 2023/12/06 11:30 a.m. · 50 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: wordlist-based password cracking; brute force password cracking; support for multiple hash...

7.6 AI score
Exploits 0 · References 2
The Hacker News
added 2023/09/25 11:19 a.m. · 38 views

Are You Willing to Pay the High Cost of Compromised Credentials?

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have...

6.7 AI score
Exploits 0
CNNVD
added 2023/05/22 12:0 a.m. · 3 views

Apache InLong Security Vulnerability

Apache InLong is a one-stop massive data integration framework from the United States' Apache Foundation. A security vulnerability exists in Apache InLong versions 1.1.0 through 1.6.0, which stems from an application that does not set a complexity requirement for user passwords, and can be...

9.8 CVSS · 6.8 AI score · 0.01233 EPSS
Exploits 0 · References 2
NVD
added 2023/03/30 7:15 p.m. · 19 views

CVE-2023-28835

Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force...

7.5 CVSS · 5.6 AI score · 0.0054 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 4:9 a.m. · 3 views

SUSE CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

4.2 CVSS · 8.9 AI score · 0.02084 EPSS
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 3:49 a.m. · 5 views

SUSE CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS · 6.4 AI score · 0.01319 EPSS
Exploits 1 · References 3
Citrix
added 2022/10/18 12:0 a.m. · 6 views

"Cannot complete your request" when using SAML: FailedPasswordComplexity

CitrixAGBasic SSO failed when using SAML: FailedPasswordComplexity...

7.2 AI score
Exploits 0
OSV
added 2022/09/30 12:0 a.m. · 12 views

GHSA-8WXF-C45W-G66G rdiffweb vulnerable to password complexity bypass leading to weak passwords

ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...

5.4 CVSS · 4.5 AI score · 0.0055 EPSS
Exploits 1 · References 5
Github Security Blog
added 2022/09/30 12:0 a.m. · 24 views

rdiffweb vulnerable to password complexity bypass leading to weak passwords

ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...

5.4 CVSS · 5.1 AI score · 0.0055 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2022/09/28 12:0 a.m. · 3 views

PT-2022-21758 · Ikus060 · Rdiffweb

Name of the Vulnerable Software and Affected Versions: ikus060/rdiffweb versions prior to 2.4.9 Description: The issue concerns weak password requirements. Specifically, it allows users to set passwords with all spaces, bypassing password complexity requirements due to a lack of password entropy...

5.4 CVSS · 4.7 AI score · 0.0055 EPSS
Exploits 1 · References 9
Github Security Blog
added 2022/08/27 12:0 a.m. · 24 views

Openstack Keystone Incorrect Authorization vulnerability

A flaw was found in openstack-keystone: only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...

7.4 CVSS · 7.2 AI score · 0.01319 EPSS
Exploits 1 · References 11 · Affected Software 1
NVD
added 2022/08/26 4:15 p.m. · 29 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS · 0.01319 EPSS
Exploits 1 · References 5
OSV
added 2022/08/26 4:15 p.m. · 20 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS · 7.4 AI score · 0.01319 EPSS
Exploits 1 · References 5
OSV
added 2022/08/26 4:15 p.m. · 1 views

DEBIAN-CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS · 6.5 AI score · 0.01319 EPSS
Exploits 1 · References 1
UbuntuCve
added 2022/08/26 4:15 p.m. · 28 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS · 6.7 AI score · 0.01319 EPSS
Exploits 1 · References 2