Tabit – password enumeration. Description: The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 – Rate limiting.
CWE-521
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements, which allow attackers to potentially gain unauthorized access to the application via brute-force attacks.
CVE-2022-3376
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-3326
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.
CVE-2022-3268
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVE-2022-32513
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0)