Weak Credentials
This page lists 38 vulnerabilities in this category.
Critical: 1
High: 24
Medium: 11
Low: 1
Information: 1
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| ASP.NET ViewState Weak Validation Key | - | CWE-321 | Critical |
| BottlePy weak secret key | - | CWE-693 | High |
| Weak WordPress security key | - | CWE-16 | High |
| Symfony weak application secret | - | CWE-94 | High |
| Unrestricted access to Haproxy Data Plane API | - | CWE-200 | High |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| SonarQube default credentials | - | CWE-798 | High |
| Apache Tapestry weak secret key | - | CWE-693 | High |
| Ruby framework weak secret key | - | CWE-693 | High |
| Oracle PeopleSoft SSO weak secret key | - | CWE-693 | High |
| Devise weak password | - | CWE-200 | High |
| JWT Signature Bypass via None Algorithm | - | CWE-345 | High |
| Apache Axis2 administration console weak password | - | CWE-200 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| Webmail weak password | - | CWE-200 | High |
| GlassFish admin console weak credentials | - | CWE-693 | High |
| IBM WebSphere administration console weak password | - | CWE-200 | High |
| Jenkins weak password | - | CWE-200 | High |
| SAP weak/predictable user credentials | - | CWE-200 | High |
| Weak password | - | CWE-200 | High |
| WebLogic admin console weak credentials | - | CWE-693 | High |
| Weak Secret is Used to Sign JWT | - | CWE-345 | High |
| Web application default/weak credentials | - | CWE-200 | High |
| PrimeFaces 5.x Expression Language injection | CVE-2017-1000486 | - | High |
| phpLiteAdmin default password | - | CWE-200 | High |
| Mojolicious weak secret key | - | CWE-693 | Medium |
| Tornado weak secret key | - | CWE-693 | Medium |
| Django weak secret key | - | CWE-693 | Medium |
| Web2py weak secret key | - | CWE-693 | Medium |
| Yii2 weak secret key | - | CWE-693 | Medium |
| Laravel framework weak secret key | - | CWE-693 | Medium |
| Play framework weak secret key | - | CWE-693 | Medium |
| Pyramid framework weak secret key | - | CWE-693 | Medium |
| Flask weak secret key | - | CWE-693 | Medium |
| Express cookie-session weak secret key | - | CWE-693 | Medium |
| Cookie signed with weak secret key | - | CWE-693 | Medium |
| Jira Projects accessible anonymously | - | CWE-200 | Low |
| Express express-session weak secret key | - | CWE-693 | Information |