Weak Password Requirements

CVE-2025-22390

High

7.5/10

Summary

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory Timeline

Published Jan 04, 2025

Weak Password Requirements

CVE-2025-22390

Summary

CWE-521 - Weak Password Requirements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS