password software vulnerabilities
vulnerabilities.aspcode.net
Searching password software vulnerabilities
wu-ftpd FTP daemon allows any user and password
combination
|
password
|
wu-ftpd
|
allows
|
daemon
|
user
|
FTP
|
any
|
wu-ftpd FTP daemon allows any user and password combination.
ControlIT 4.5 and earlier (aka Remotely Possibl
ControlIT
|
earlier
|
ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.
DPEC Online Courseware allows an attacker to ch
Courseware
|
password
|
attacker
|
original
|
another
|
knowing
|
without
|
user's
|
Online
|
allows
|
change
|
DPEC
|
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
A service or application has a backdoor passwor
application
|
developer
|
password
|
backdoor
|
service
|
placed
|
there
|
has
|
A service or application has a backdoor password that was placed there by the developer.
A NETBIOS/SMB share password is guessable.
NETBIOS/SMB
|
guessable
|
password
|
share
|
A NETBIOS/SMB share password is guessable.
A NETBIOS/SMB share password is the default, nu
NETBIOS/SMB
|
password
|
missing
|
default
|
share
|
null
|
A NETBIOS/SMB share password is the default, null, or missing.
A Windows NT account policy for passwords has i
security-critical
|
inappropriate
|
uniqueness
|
passwords
|
settings
|
password
|
Windows
|
account
|
policy
|
length
|
has
|
age
|
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
A password for accessing a WWW URL is guessable.
guessable
|
accessing
|
password
|
URL
|
A password for accessing a WWW URL is guessable.
The WebRamp web administration utility has a de
administration
|
password
|
default
|
utility
|
WebRamp
|
web
|
has
|
The WebRamp web administration utility has a default password.
An installation of Red Hat uses DES password en
installation
|
encryption
|
password
|
uses
|
Red
|
Hat
|
DES
|
An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.
Password Safe 1.7(1) leaves cleartext passwords
Password
|
Safe
|
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and promp on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.
phpRank 1.8 stores the administrative password
administrative
|
plaintext
|
attackers
|
retrieve
|
password
|
phpRank
|
allows
|
remote
|
server
|
stores
|
cookie
|
which
|
"ap"
|
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
Lexar Safe Guard for JumpDrive Secure 1.0 store
insecurely
|
encryption
|
protected
|
JumpDrive
|
password
|
directly
|
access
|
device
|
allows
|
stores
|
Secure
|
memory
|
users
|
drive
|
local
|
Guard
|
using
|
Lexar
|
which
|
part
|
Safe
|
read
|
XOR
|
Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.
eSeSIX Thintune thin clients running firmware 2
firmware
|
Thintune
|
running
|
clients
|
eSeSIX
|
thin
|
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
Riverdeep FoolProof Security 3.9.x on Windows 9
cryptography
|
Riverdeep
|
FoolProof
|
Security
|
Windows
|
weak
|
uses
|
39x
|
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
The change password functionality in Bottomline
functionality
|
authenticated
|
Application
|
Bottomline
|
passwords
|
Webseries
|
password
|
require
|
Payment
|
remote
|
users'
|
change
|
could
|
allow
|
which
|
users
|
enter
|
other
|
does
|
not
|
old
|
new
|
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
Linksys WET11 1.5.4 allows remote attackers to
Linksys
|
WET11
|
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Keychain Access in Mac OS X 10.4.2 and earlier
Keychain
|
Access
|
Mac
|
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
Tashcom ASPEdit 2.9 stores the administration p
administration
|
password
|
Tashcom
|
ASPEdit
|
stores
|
Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password.
changePW.php in AV Tutorial Script (avtutorial)
changePWphp
|
Tutorial
|
Script
|
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
Software vulnerabilities results 1 to 20 of 1007
Page:
1
2
3
4
5
...
51
►