CVE-2023-37756

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-521
View all →

Vulnerability Description

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

Related Vulnerabilities

CVE-2017-1196

CRITICAL
CVSS:9.8(Critical)

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: ...

CWE-5212017

CVE-2017-1221

CRITICAL
CVSS:9.8(Critical)

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force I...

CWE-5212017

CVE-2017-12861

CRITICAL
CVSS:9.8(Critical)

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only th...

CWE-5212017

CVE-2017-14189

CRITICAL
CVSS:9.8(Critical)

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.

CWE-5212017

CVE-2017-1601

CRITICAL
CVSS:9.8(Critical)

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compro...

CWE-5212017

CVE-2017-18857

CRITICAL
CVSS:9.8(Critical)

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

CWE-5212017