77 matches found
GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt "null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...
MiracleLinux 7 : postgresql-9.2.23-1.el7 (AXSA:2017-2243:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2243:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...
opensourcepos security vulnerability
opensourcepos is an open-source point-of-sale system from the opensourcepos project. A security vulnerability exists in opensourcepos version 3.4.1, which stems from a lack of server-side authentication and could lead to the setting of empty passwords and unauthorized access...
EUVD-2019-9347
Malware in sbrugna...
EUVD-2018-0868
Malware in sbrugna...
EUVD-2025-25133
Malicious code in bioql PyPI...
CVE-2025-55299
VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....
CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that previously disabling the...
CVE-2023-51987
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...
Rapid SCADA security vulnerability
Rapid SCADA is full-featured open-source SCADA software from the Rapid SCADA project. A security vulnerability exists in Rapid SCADA version 5.8.4, which originates in the file ScadaServerEngine/MainLogic.cs, where CheckUser allows the use of empty passwords...
PT-2024-19340 · Ibm · Ibm System Storage Ds8900F
Name of the Vulnerable Software and Affected Versions: IBM System Storage DS8900F versions 89.22.19.0 through 89.40.93.0 Description: The issue allows a remote user to create an LDAP connection with a valid username and an empty password, potentially establishing an anonymous connection...
CVE-2023-51989
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-51987. Reason: This candidate is a reservation duplicate of CVE-2025-51987. Notes: All CVE users should reference CVE-2025-51987 instead of this candidate. All references and descriptions in this candidate have been removed t...
Design/Logic Flaw
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...
GHSA-36XX-7VF6-7MV3 Silverstripe Framework: Members with no password can be created and bypass custom login forms
When a new Member record was created in the cms it was possible to set a blank password. If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a...