CVE-2022-41969 Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

UPchieve: No character limit in password field

Hey, when I try to set the password while creating an account into "UPchieve" I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource...

Localize: The password limit is not set, [DoS].

Summary: You can create a very long password until you get the last user to put and aries or DoS. Normally passwords have 8-10-24 digits Impact DoS...

CVE-2017-9853

SMA Solar Technology inverters (Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30) are affected by a weak password policy: no complexity or length requirements and a maximum 12-character limit, making strong passwords impossible. The CVE details state that this could allow password-related a...

Nmap NSE 6.01: ftp-brute

Performs brute force password auditing against FTP servers. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords can be artificially limited using script arguments...

Nmap NSE net: drda-brute

Performs password guessing against databases supporting the IBM DB2 protocol such as Informix, DB2 and Derby SYNTAX: userdb: The filename of an alternate username database. drda-brute.threads: the amount of accounts to attempt to brute force in parallel default 10. unpwdb.userlimit: The maximum...