30 matches found
CVE-2026-42482
A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...
PT-2025-44005
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software has a weak password policy. This affects Azure BLU-IC2 and BLU-IC4. The issue concerns insufficient password strength requirements. Recommendations: Enforc...
EUVD-2021-25501
Malware in sbrugna...
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launch...
CVE-2025-11322
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launch...
EUVD-2022-38791
Malicious code in bioql PyPI...
CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
CVE-2022-35931
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...
PT-2025-6884 · Pmweb · Pmweb
Name of the Vulnerable Software and Affected Versions: PMWeb version 7.2.0 Description: A problem has been detected in the Setting Handler component, leading to weak password requirements. The attack can be initiated remotely and has a high complexity, making exploitation difficult. The exploit h...
CVE-2024-48845 Weak Password Rules/Strength
Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...
PT-2024-12895 · Philips · Philips Vue Pacs
Name of the Vulnerable Software and Affected Versions: Philips Vue PACS affected versions not specified Description: The issue is related to the lack of strong password requirements for users, which could facilitate the compromise of user accounts by attackers. Recommendations: At the moment, the...
What can we learn from the passwords used in brute-force attacks?
Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...
PT-2024-15483 · Unknown · Sourcecodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A vulnerability was found in the processing of the file signup teacher.php, where the manipulation of the argument Password leads to weak password requirements. The attack may be...
Many major websites allow users to have weak passwords
A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With...
PT-2023-6470 · Unknown · I-Doit Open +1
Name of the Vulnerable Software and Affected Versions: I-doit pro versions 25 and below; I-doit open versions 25 and below. Description: The issue is related to weak password requirements for Administrator account creation in the affected software. This weakness allows attackers to easily guess...
The Password Game
Amusing parody of password rules. BoingBoing: For example, at a certain level, your password must include today's Wordle answer. And then there's rule 27: "At least 50% of your password must be in the Wingdings font." EDITED TO ADD 7/13: Here are all the rules...
Dumb Password Rules
Examples of dumb password rules. There are some pretty bad disasters out there. My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail. Some of the systems on the list are even worse: when they fail they don't tel...