CWE-521 Weak Password Requirements: vulnerability list (114)

Summary of the 114 CVE vulnerabilities in the CWE-521 Weak Password Requirements weakness class, with AI analysis in Chinese.

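CWE-521 is the weak password requirements weakness: the system does not force users to set strong passwords. Attackers commonly exploit this flaw to guess credentials through brute-force or dictionary attacks and so gain unauthorized access. Developers should avoid this risk by enforcing a mandatory password policy, such as setting a minimum length and requiring upper- and lower-case letters, digits and special characters, and by introducing multi-factor authentication, which significantly improves account security.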

MITRE CWE official description
CWE: CWE-521 Weak Password Requirements. Description: The product does not require that users should have strong passwords.
Common consequences (1)
Access Control: Gain Privileges or Assume Identity
An attacker could easily guess user passwords and gain access to user accounts.
Mitigations (4)
Architecture and Design: A product's design should require adherence to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes: enforcement of a minimum and maximum length; restrictions against password reuse; restrictions against using common passwords; restrictions against using contextual string in the password (e.g., …
Architecture and Design: Consider a second authentication factor beyond the password, which prevents the password from being a single point of failure. See CWE-308 for further information.
Implementation: Consider implementing a password complexity meter to inform users when a chosen password meets the required attributes.
Implementation: Previously, "password expiration" was widely advocated as a defense-in-depth approach to minimize the risk of weak passwords, and it has become a common practice. Password expiration requires a password to be changed within a fixed time window (such as every 90 days). However, this approach has significant limitations in the current threat landscape, and…
Effectiveness: Discouraged Common Practice
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-11493 | Tenda AC15 security vulnerability — AC15 | 5.0 | Medium | 2026-06-08
CVE-2024-40684 | IBM Operations Analytics-Log Analysis security vulnerability — Operations Analytics - Log Analysis | 5.9 | Medium | 2026-05-27
CVE-2026-9394 | Besen BS20 EV Charging Station security vulnerability — BS20 EV Charging Station | 3.1 | Low | 2026-05-24
CVE-2026-41038 | Quantum Networks router security vulnerability — Router QN-I-470 | 8.8 (AI) | High (AI) | 2026-04-21
CVE-2026-6284 | Horner Automation multiple products security vulnerability — Cscape | 9.1 | Critical | 2026-04-17
CVE-2026-33771 | Juniper Networks CTP OS security vulnerability — CTP OS | 7.4 | High | 2026-04-09
CVE-2026-34203 | Nautobot security vulnerability — nautobot | 2.7 | Low | 2026-03-31
CVE-2025-55269 | HCL Aftermarket DPC security vulnerability — Aftermarket DPC | 4.2 | Medium | 2026-03-26
CVE-2026-27575 | Vikunja code issue vulnerability — vikunja | 9.1 | Critical | 2026-02-25
CVE-2026-25715 | Jinan USR IOT USR-W610 security vulnerability — USR-W610 | 9.8 | Critical | 2026-02-20
CVE-2026-1408 | Beetel 777VR1 security vulnerability — 777VR1 | 2.0 | Low | 2026-01-25
CVE-2025-55252 | HCL AION security vulnerability — AION | 3.1 | Low | 2026-01-19
CVE-2025-68963 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 5.7 | Medium | 2026-01-14
CVE-2025-23408 | Apache Fineract security vulnerability — Apache Fineract | 9.8 (AI) | Critical (AI) | 2025-12-12
CVE-2025-67513 | FreePBX Endpoint Manager security vulnerability — endpoint | 9.8 (AI) | Critical (AI) | 2025-12-10
CVE-2025-65014 | LibreNMS security vulnerability — librenms | 3.7 | Low | 2025-11-18
CVE-2025-55034 | General Industrial Controls Lynx+ Gateway security vulnerability — Lynx+ Gateway | 8.2 | High | 2025-11-14
CVE-2025-12552 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability — BLU-IC2 | 9.8 | - | 2025-10-31
CVE-2025-11200 | MLflow security vulnerability — MLflow | 9.8 (AI) | Critical (AI) | 2025-10-29
CVE-2025-12364 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability — BLU-IC2 | 9.8 (AI) | Critical (AI) | 2025-10-27
CVE-2025-11322 | Mangati NovoSGA security vulnerability — NovoSGA | 3.7 | Low | 2025-10-06
CVE-2023-49883 | IBM Transformation Extender Advanced security vulnerability — Transformation Extender Advanced | 5.9 | Medium | 2025-10-01
CVE-2025-9964 | Novakon P series security vulnerability — P series (P07, P10, P12, P15) | 6.8 (AI) | Medium (AI) | 2025-09-23
CVE-2025-10320 | Dreamer CMS security vulnerability — Dreamer CMS | 3.1 | Low | 2025-09-12
CVE-2025-9514 | mall security vulnerability — mall | 3.7 | Low | 2025-08-27
CVE-2025-55299 | VaulTLS security vulnerability — VaulTLS | 9.4 | Critical | 2025-08-18
CVE-2025-8549 | pybbs security vulnerability — pybbs | 3.7 | Low | 2025-08-05
CVE-2019-19145 | Quantum SuperLoader 3 security vulnerability — SuperLoader | 5.8 | Medium | 2025-08-01
CVE-2025-8182 | Tenda AC18 security vulnerability — AC18 | 5.6 | Medium | 2025-07-26
CVE-2025-5022 | Mitsubishi Electric PV-DR004J security vulnerability — PV-DR004J | 6.5 | Medium | 2025-07-10

CWE-521 (Weak Password Requirements) is a common weakness category; this platform lists 114 CVE vulnerabilities associated with it.