Skip to main content

Weak Password Requirements

CVE-2021-28914

Severity Medium
Score 4.3/10

Summary

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access.

  • MEDIUM
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory Timeline

  • Published