Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Weak Credentials

This page lists 38 vulnerabilities in this category.

Critical: 1 High: 24 Medium: 11 Low: 1 Information: 1
Vulnerability Name
CVE
CWE
Severity
ASP.NET ViewState Weak Validation Key
-
CWE-321
Critical
BottlePy weak secret key
-
CWE-693
High
Weak WordPress security key
-
CWE-16
High
Symfony weak application secret
-
CWE-94
High
Unrestricted access to Haproxy Data Plane API
-
CWE-200
High
Symfony RCE via weak/predictable APP_SECRET
-
CWE-94
High
SonarQube default credentials
-
CWE-798
High
Apache Tapestry weak secret key
-
CWE-693
High
Ruby framework weak secret key
-
CWE-693
High
Oracle PeopleSoft SSO weak secret key
-
CWE-693
High
Devise weak password
-
CWE-200
High
JWT Signature Bypass via None Algorithm
-
CWE-345
High
Apache Axis2 administration console weak password
-
CWE-200
High
Ruby on Rails weak/known secret token
CVE-2013-0156
CWE-200
High
Webmail weak password
-
CWE-200
High
GlassFish admin console weak credentials
-
CWE-693
High
IBM WebSphere administration console weak password
-
CWE-200
High
Jenkins weak password
-
CWE-200
High
SAP weak/predictable user credentials
-
CWE-200
High
Weak password
-
CWE-200
High
WebLogic admin console weak credentials
-
CWE-693
High
Weak Secret is Used to Sign JWT
-
CWE-345
High
Web application default/weak credentials
-
CWE-200
High
PrimeFaces 5.x Expression Language injection
CVE-2017-1000486
-
High
phpLiteAdmin default password
-
CWE-200
High
Mojolicious weak secret key
-
CWE-693
Medium
Tornado weak secret key
-
CWE-693
Medium
Django weak secret key
-
CWE-693
Medium
Web2py weak secret key
-
CWE-693
Medium
Yii2 weak secret key
-
CWE-693
Medium
Laravel framework weak secret key
-
CWE-693
Medium
Play framework weak secret key
-
CWE-693
Medium
Pyramid framework weak secret key
-
CWE-693
Medium
Flask weak secret key
-
CWE-693
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
Cookie signed with weak secret key
-
CWE-693
Medium
Jira Projects accessible anonymously
-
CWE-200
Low
Express express-session weak secret key
-
CWE-693
Information