111 vulnerabilities classified as CWE-521 (Weak Password Requirements). AI Chinese analysis included.
CWE-521 represents a critical authentication weakness where software fails to enforce robust password policies, allowing users to select trivially guessable credentials. Attackers typically exploit this vulnerability through offline brute-force or dictionary attacks, rapidly compromising accounts by testing common words, simple patterns, or previously leaked password databases against the hashes of weak passwords. Because the system permits low-entropy secrets, the computational effort required to breach accounts is significantly reduced, facilitating unauthorized access and potential data exfiltration. To mitigate this risk, developers must implement strict validation mechanisms that mandate minimum length, complexity, and uniqueness requirements. By integrating real-time feedback and checking against known compromised password lists during registration, organizations can ensure users create strong, resilient passwords that withstand automated cracking attempts and protect sensitive system resources.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2098 | Weak Password Requirements in kromitgmbh/titra — kromitgmbh/titra | 9.8 | - | 2022-06-16 |
| CVE-2022-29098 | Dell EMC PowerScale OneFS security vulnerability — PowerScale OneFS | 8.1 | High | 2022-06-01 |
| CVE-2022-1775 | Weak Password Requirements in polonel/trudesk — polonel/trudesk | 9.8 | - | 2022-05-20 |
| CVE-2022-1039 | ICSA-22-104-03 Red Lion DA50N — DA50N | 9.6 | Critical | 2022-04-20 |
| CVE-2022-1236 | Weak Password Requirements in weseek/growi — weseek/growi | 9.4 | - | 2022-04-05 |
| CVE-2022-22110 | DayByDay CRM - Weak Password Requirements in Update User — DaybydayCRM | 7.5 | High | 2022-01-05 |
| CVE-2021-40333 | Weak default credential associated with TCP port 26 — FOX61x | 9.0 | Critical | 2021-12-02 |
| CVE-2021-38462 | InHand Networks IR615 Router — IR615 Router | 9.8 | Critical | 2021-10-19 |
| CVE-2021-41296 | ECOA BAS controller - Weak Password Requirements — ECS Router Controller ECS (FLASH) | 9.8 | Critical | 2021-09-30 |
| CVE-2020-25153 | MOXA NPort IAW5000A-I/O Series — NPort IAW5000A-I/O | 9.8 | Critical | 2020-12-23 |
| CVE-2019-17444 | JFrog Artifactory does not enforce default admin password change — Artifactory | 9.8 | Critical | 2020-10-12 |
| CVE-2020-15115 | No minimum password length in etcd — etcd | 5.8 | Medium | 2020-08-06 |
| CVE-2020-7519 | Schneider Electric Easergy Builder security vulnerability — Easergy Builder (Version 1.4.7.2 and older) | 9.8 | - | 2020-07-23 |
| CVE-2020-7492 | Schneider Electric GP-Pro EX security vulnerability — GP-Pro EX V1.00 to V4.09.100 | 8.1 | - | 2020-06-16 |
| CVE-2019-19093 | ABB eSOMS: Password complexity issue — eSOMS | 6.5 | Medium | 2020-04-02 |
| CVE-2020-6991 | Moxa EDS-G516E and EDS-510E security vulnerability — Moxa EDS-G516E Series firmware, Version 5.2 or lower | 9.8 | - | 2020-03-24 |
| CVE-2020-6995 | Moxa PT-7528 and PT-7828 security vulnerability — Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower | 9.8 | - | 2020-03-24 |
| CVE-2019-6558 | Auto-Maskin product security vulnerability — Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App) | 9.1 | - | 2020-03-23 |
| CVE-2018-17906 | Philips iSite PACS and IntelliSpace PACS trust management vulnerability — Philips iSite and IntelliSpace PACS | 9.8 | - | 2018-11-19 |
| CVE-2017-3186 | Multiple ACTi products security vulnerability — ACTi D, B, I, and E series cameras | 9.8 | - | 2017-12-15 |
| CVE-2017-7903 | Multiple Rockwell Automation products security vulnerability — Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 | 9.8 | - | 2017-06-30 |
Vulnerabilities classified as CWE-521 (Weak Password Requirements) represent 111 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.