Weak Password Requirements

CVE-2020-9023

High

7.5/10

Summary

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory Timeline

Published Feb 17, 2020

Weak Password Requirements

CVE-2020-9023

Summary

CWE-521 - Weak Password Requirements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS