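CWE-521 Weak Password Requirements: vulnerability list (113)

A summary of the 113 CVE vulnerabilities in the CWE-521 Weak Password Requirements weakness class, with AI analysis in Chinese.

CWE-521 is the weak password requirements weakness: the system does not force users to set strong passwords. Attackers often exploit this flaw to guess credentials easily through brute-force or dictionary attacks and thereby gain unauthorized access. Developers should avoid this risk by enforcing a password policy, such as a minimum length and required upper- and lowercase letters, digits and special characters, and by introducing multi-factor authentication to significantly improve account security.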

MITRE CWE official description
CWE: CWE-521 Weak Password Requirements. Description: The product does not require that users should have strong passwords.
Common consequences (1)
Access Control: Gain Privileges or Assume Identity
An attacker could easily guess user passwords and gain access to user accounts.
Mitigations (4)
Architecture and Design: A product's design should require adherence to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes: enforcement of a minimum and maximum length; restrictions against password reuse; restrictions against using common passwords; restrictions against using contextual string in the password (e.g., …
Architecture and Design: Consider a second authentication factor beyond the password, which prevents the password from being a single point of failure. See CWE-308 for further information.
Implementation: Consider implementing a password complexity meter to inform users when a chosen password meets the required attributes.
Implementation: Previously, "password expiration" was widely advocated as a defense-in-depth approach to minimize the risk of weak passwords, and it has become a common practice. Password expiration requires a password to be changed within a fixed time window (such as every 90 days). However, this approach has significant limitations in the current threat landscape, and…
Effectiveness: Discouraged Common Practice
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-40684 | IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism — Operations Analytics - Log Analysis | 5.9 | Medium | 2026-05-27 |
| CVE-2026-9394 | Besen BS20 EV Charging Station Bluetooth Low Energy weak password — BS20 EV Charging Station | 3.1 | Low | 2026-05-24 |
| CVE-2026-41038 | Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470 | 8.8 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-6284 | Horner Automation Cscape and XL4, XL7 PLC Weak password requirements — Cscape | 9.1 | Critical | 2026-04-17 |
| CVE-2026-33771 | CTP OS: Configuring password requirements does not work which permits the use of weak passwords — CTP OS | 7.4 | High | 2026-04-09 |
| CVE-2026-34203 | Nautobot: Management of users via REST API does not apply configured password validators — nautobot | 2.7 | Low | 2026-03-31 |
| CVE-2025-55269 | HCL Aftermarket DPC is affected by Weak Password Policy vulnerability — Aftermarket DPC | 4.2 | Medium | 2026-03-26 |
| CVE-2026-27575 | Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change — vikunja | 9.1 | Critical | 2026-02-25 |
| CVE-2026-25715 | Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements — USR-W610 | 9.8 | Critical | 2026-02-20 |
| CVE-2026-1408 | Beetel 777VR1 UART weak password — 777VR1 | 2.0 | Low | 2026-01-25 |
| CVE-2025-55252 | HCL AION is affected by a Weak Password Policy vulnerability — AION | 3.1 | Low | 2026-01-19 |
| CVE-2025-68963 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 5.7 | Medium | 2026-01-14 |
| CVE-2025-23408 | Apache Fineract: weak password policy — Apache Fineract | 9.8 (AI) | Critical (AI) | 2025-12-12 |
| CVE-2025-67513 | FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API — endpoint | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2025-65014 | LibreNMS has Weak Password Policy — librenms | 3.7 | Low | 2025-11-18 |
| CVE-2025-55034 | General Industrial Controls Lynx+ Gateway Weak Password Requirements — Lynx+ Gateway | 8.2 | High | 2025-11-14 |
| CVE-2025-12552 | Insufficient Password Policy — BLU-IC2 | 9.8 | - | 2025-10-31 |
| CVE-2025-11200 | MLflow Weak Password Requirements Authentication Bypass Vulnerability — MLflow | 9.8 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-12364 | Weak Password Policy — BLU-IC2 | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2025-11322 | Mangati NovoSGA User Creation new weak password — NovoSGA | 3.7 | Low | 2025-10-06 |
| CVE-2023-49883 | IBM Transformation Extender Advanced information disclosure — Transformation Extender Advanced | 5.9 | Medium | 2025-10-01 |
| CVE-2025-9964 | Weak Authentication for Root User — P series (P07, P10, P12, P15) | 6.8 (AI) | Medium (AI) | 2025-09-23 |
| CVE-2025-10320 | iteachyou Dreamer CMS updatePwd weak password — Dreamer CMS | 3.1 | Low | 2025-09-12 |
| CVE-2025-9514 | macrozheng mall Registration weak password — mall | 3.7 | Low | 2025-08-27 |
| CVE-2025-55299 | VaulTLS has a password-based login exploit in additional user accounts — VaulTLS | 9.4 | Critical | 2025-08-18 |
| CVE-2025-8549 | atjiu pybbs UserAdminController.java update weak password — pybbs | 3.7 | Low | 2025-08-05 |
| CVE-2019-19145 | Quantum SuperLoader 3 security vulnerability — SuperLoader | 5.8 | Medium | 2025-08-01 |
| CVE-2025-8182 | Tenda AC18 Samba smb.conf weak password — AC18 | 5.6 | Medium | 2025-07-26 |
| CVE-2025-5022 | Mitsubishi Electric PV-DR004J security vulnerability — PV-DR004J | 6.5 | Medium | 2025-07-10 |
| CVE-2025-34058 | Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read — Streaming Media Management Server | 6.5 (AI) | Medium (AI) | 2025-07-01 |

CWE-521 (Weak Password Requirements) is a common weakness class; this platform lists 113 CVE vulnerabilities associated with it.