Lucene search
K

6 matches found

Cvelist
Cvelist
added 2022/12/01 8:47 p.m.17 views

CVE-2022-41969 Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

2.4CVSS4.1AI score0.0033EPSS
Exploits0References3
Hacker One
Hacker One
added 2022/01/27 11:51 p.m.55 views

UPchieve: No character limit in password field

Hey, when I try to set the password while creating an account into "UPchieve" I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2020/01/25 9:40 p.m.76 views

Localize: The password limit is not set, [DoS].

Summary: You can create a very long password until you get the last user to put and aries or DoS. Normally passwords have 8-10-24 digits Impact DoS...

7AI score
Exploits0
CVE
CVE
added 2017/08/05 5:0 p.m.55 views

CVE-2017-9853

SMA Solar Technology inverters (Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30) are affected by a weak password policy: no complexity or length requirements and a maximum 12-character limit, making strong passwords impossible. The CVE details state that this could allow password-related a...

9.8CVSS9.3AI score0.00327EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2013/02/28 12:0 a.m.20 views

Nmap NSE 6.01: ftp-brute

Performs brute force password auditing against FTP servers. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords can be artificially limited using script arguments...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.9 views

Nmap NSE net: drda-brute

Performs password guessing against databases supporting the IBM DB2 protocol such as Informix, DB2 and Derby SYNTAX: userdb: The filename of an alternate username database. drda-brute.threads: the amount of accounts to attempt to brute force in parallel default 10. unpwdb.userlimit: The maximum...

7.2AI score
Exploits0
Rows per page
Query Builder