12 matches found
EUVD-2026-38116
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g., billions of characters) as the minimum password length, making compliance...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
Important: Red Hat Security Advisory: openssl security and bug fix update
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
GHSA-MP5P-G2JV-R8QW rdiffweb contains Weak Password Requirements
rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths...
PT-2022-20934 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2. Description: The issue is related to weak password requirements. Specifically, versions prior to 2.4.2 have no password policy or password checking, making users vulnerable to brute force password guessing...
NIST and HIPAA: Is There a Password Connection?
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by...
CVE-2018-15766
On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password...
CVE-2018-15766 Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability
On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password...
Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)
Stored Cross-Site Scripting (XSS) in the minimum password length field. history.pushState'', '', '/'...
IBM Tealeaf Customer Experience Brute Force Vulnerability
IBM Tealeaf Customer Experience is a suite of SaaS-based analytics solutions for web and mobile applications. IBM Tealeaf Customer Experience has a vulnerability in which it fails to limit the minimum password length. This allows remote attackers to exploit the vulnerability by submitting a special request to perform a bru...
Design/Logic Flaw
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods...