Weak Password Requirements

CVE-2021-38462

High

9.8/10

Summary

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory Timeline

Published Oct 19, 2021

Weak Password Requirements

CVE-2021-38462

Summary

CWE-521 - Weak Password Requirements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS