Skip to main content

CWE-258

Empty Password in Configuration File

8 CVEs Avg CVSS 8.3 MITRE
4
CRITICAL
1
HIGH
3
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2025-9276 CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert CockroachDB
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2025-4395 MEDIUM This Month

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-35137 MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker Security Access Manager
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-4106 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS and CI Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-28744 HIGH This Week

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-39439 CRITICAL Act Now

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-5021 CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine Leap Big Ip Controller
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2018-17914 CRITICAL POC Act Now

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Indusoft Web Studio Edge Intouch Machine Edition 2014
NVD
CVSS 3.1
9.8
EPSS
4.6%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Docker +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in FAST/TOOLS and CI Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine +2
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Indusoft Web Studio Edge +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy