CWE-1393 vulnerability list (28)

A summary of the 28 CVE vulnerabilities under the CWE-1393 weakness class, with AI-generated analysis in Chinese.

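CWE-1393 refers to a weakness in which software uses a default password for critical functionality. Attackers commonly exploit this flaw by trying well-known default credentials to gain direct access to the system, bypassing the authentication mechanism. To guard against this risk, developers should force users to change the default password when the product ships or is deployed, or enforce a password reset at first login that cannot be skipped, so that every account uses a strong, unique credential and the security risk caused by default configuration is eliminated at its root.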

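MITRE CWE official description
CWE: CWE-1393 Use of Default Password
The product uses default passwords for potentially critical functionality. It is common practice for products to be designed to use default passwords for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, it is easier for attackers to quickly bypass authentication across multiple organizations. Many lists of default passwords and default-password scanning tools are easily available from the World Wide Web.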
Common consequences (1)
Authentication: Gain Privileges or Assume Identity
Mitigations (4)
Requirements: Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Effectiveness: High
Documentation: Ensure that product documentation clearly emphasizes the presence of default passwords and provides steps for the administrator to change them.
Effectiveness: Limited
Architecture and Design: Force the administrator to change the credential upon installation.
Effectiveness: High
Installation, Operation: The product administrator could change the defaults upon installation or during operation.
Effectiveness: Moderate
Code examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-8672 | Avantra security vulnerability — Avantra | 5.1 | Medium | 2026-05-22 |
| CVE-2026-33784 | Juniper Networks Support Insights Virtual Lightweight Collector security vulnerability — JSI LWC | 9.8 | Critical | 2026-04-09 |
| CVE-2025-14917 | IBM WebSphere Application Server Liberty security vulnerability — WebSphere Application Server - Liberty | 6.7 | Medium | 2026-03-25 |
| CVE-2026-3186 | Sz-Admin security vulnerability — sz-boot-parent | 6.3 | Medium | 2026-02-25 |
| CVE-2026-2635 | MLflow security vulnerability — MLflow | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-24429 | Tenda W30E security vulnerability — W30E V2 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-66050 | Vivotek IP7137 security vulnerability — IP7137 | 9.8 | - | 2026-01-09 |
| CVE-2025-8077 | NeuVector security vulnerability — neuvector | 9.8 | Critical | 2025-09-17 |
| CVE-2025-43799 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.2 (AI) | High (AI) | 2025-09-15 |
| CVE-2025-9589 | Cudy WR1200EA security vulnerability — WR1200EA | 2.5 | Low | 2025-08-28 |
| CVE-2025-43021 | HP Poly Clariti Manager security vulnerability — Poly Clariti Manager | 7.5 | - | 2025-07-22 |
| CVE-2025-2766 | 70mai A510 security vulnerability — A510 | 8.8 (AI) | High (AI) | 2025-06-06 |
| CVE-2024-13966 | ZKTeco BioTime security vulnerability — BioTime | 7.3 | High | 2025-05-27 |
| CVE-2025-27690 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 9.8 | Critical | 2025-04-10 |
| CVE-2025-2921 | Netis Systems WF-2404 security vulnerability — WF-2404 | 6.4 | Medium | 2025-03-28 |
| CVE-2024-49559 | Dell SmartFabric OS10 security vulnerability — SmartFabric OS10 Software | 8.8 | High | 2025-03-17 |
| CVE-2025-2347 | IROAD FX2 security vulnerability — Dash Cam FX2 | 6.3 | Medium | 2025-03-16 |
| CVE-2025-26701 | Percona PMM Server security vulnerability — Monitoring and Management | 10.0 | Critical | 2025-03-11 |
| CVE-2025-1878 | i-Drive i11 and i-Drive i12 security vulnerability — i11 | 3.1 | Low | 2025-03-03 |
| CVE-2025-26793 | Hirsch Enterphone MESH security vulnerability — Enterphone MESH | 9.1 | - | 2025-02-15 |
| CVE-2024-51555 | ABB ASPECT security vulnerability — ASPECT-Enterprise | 10.0 | Critical | 2024-12-05 |
| CVE-2024-50588 | HASOMED Elefant security vulnerability — Elefant | 8.8 | - | 2024-11-08 |
| CVE-2023-45249 | Acronis Cyber Infrastructure security vulnerability — Acronis Cyber Infrastructure | 9.8 (AI) | Critical (AI) | 2024-07-24 |
| CVE-2023-43042 | IBM Storage Virtualize security vulnerability — Storage Virtualize | 7.5 | High | 2023-12-14 |
| CVE-2023-32090 | Pegasystem PEGA Platform authorization issue vulnerability — Pega Platform | 9.8 | Critical | 2023-08-07 |
| CVE-2023-28094 | Pegasystem PEGA Platform security vulnerability — Pega Platform | 8.1 | High | 2023-06-22 |
| CVE-2023-25131 | PowerPanel Business security vulnerability — PowerPanel Business Local / Remote | 9.4 | Critical | 2023-04-24 |
| CVE-2022-4126 | ABB RCCMD authorization issue vulnerability — RCCMD | 9.6 | Critical | 2023-03-27 |

CWE-1393 is a common weakness category; this platform lists 28 CVE vulnerabilities associated with it.