Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5389 | 1 Ietf | 1 Internet Key Exchange | 2024-11-21 | N/A |
| The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. | ||||
| CVE-2018-1956 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628. | ||||
| CVE-2018-1680 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-11-21 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. | ||||
| CVE-2018-1372 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | N/A |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | ||||
| CVE-2018-1101 | 1 Redhat | 3 Ansible Tower, Cloudforms, Cloudforms Managementengine | 2024-11-21 | N/A |
| Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. | ||||
| CVE-2018-19064 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed. | ||||
| CVE-2018-18562 | 1 Roche | 8 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Base Unit Hub and 5 more | 2024-11-21 | N/A |
| An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface. | ||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2024-11-21 | 8.8 High |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | ||||
| CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | N/A |
| A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | ||||
| CVE-2018-15766 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-11-21 | N/A |
| On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | ||||
| CVE-2018-15748 | 1 Dell | 4 2335dn, 2335dn Engine Firmware, 2335dn Network Firmware and 1 more | 2024-11-21 | N/A |
| On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. | ||||
| CVE-2018-15719 | 1 Opendental | 1 Opendental | 2024-11-21 | N/A |
| Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | ||||
| CVE-2018-12925 | 1 Lantronix | 2 Mss, Mss Firmware | 2024-11-21 | N/A |
| Baseon Lantronix MSS devices do not require a password for TELNET access. | ||||
| CVE-2018-1000134 | 2 Pingidentity, Redhat | 3 Ldapsdk, Jboss Enterprise Bpms Platform, Rhev Manager | 2024-11-21 | N/A |
| UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6. | ||||
| CVE-2017-9818 | 1 Npci | 1 Bharat Interface For Money \(bhim\) | 2024-11-21 | N/A |
| The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access. | ||||
| CVE-2017-1601 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | N/A |
| IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | ||||
| CVE-2017-1597 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A |
| IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. | ||||
| CVE-2017-18857 | 1 Netgear | 1 Insight | 2024-11-21 | 9.8 Critical |
| The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. | ||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | ||||
| CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.3 Medium |
| In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | ||||