CWE-521

Tabit – password enumeration. Description: Tabit – password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 – Rate limiting.

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0)