CVEbaza.plSłownik CWECWE-262
Common Weakness Enumeration

CWE-262

Not Using Password Aging

Kategoria: BaseCVE: 6
Opis

Produkt nie posiada mechanizmu do zarządzania starzeniem się hasła. Brak kontroli okresowego wymuszania zmiany haseł stanowi potencjalne zagrożenie bezpieczeństwa.

Description (EN)

The product does not have a mechanism in place for managing password aging.

Podatności CVE z CWE-262 (6)
9.2
CVSS
CRITICAL
CVE-2026-50101

Urządzenia Naxclow wykorzystują stałe, nigdy nierotujące poświadczenia relay przypisane do każdego urządzenia z osobna, które są ponownie wydawane przy każdym uruchomieniu systemu. Ponieważ poświadczenia te pozostają ważne bezterminowo i nie mogą być unieważnione przez uprawnionego właściciela, każda osoba, która je uzyska, może utrzymywać trwały dostęp do kanału relay urządzenia.

pub. 2026-06-12
8.8
CVSS
HIGH
CVE-2022-22767

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

pub. 2022-06-02
5.3
CVSS
MEDIUM
CVE-2025-60010

A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced. This does not allow users to login with a wrong password, but only with the correct but expired one. This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S4-EVO, * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.

pub. 2025-10-09
4.3
CVSS
MEDIUM
CVE-2023-2022

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge

pub. 2023-08-02
4.1
CVSS
MEDIUM
CVE-2025-58435

Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop session and the other user would need to be authenticated to the portal. But obtaining the link would allow that user to perform any actions as the original user and access their data. Open OnDemand 3.1.15 and 4.0.7 have patched this vulnerability and correctly rotate passwords for any version of TurboVNC. As a workaround, downgrade TurboVNC to a version lower than 3.1.2.

pub. 2025-09-09
2.7
CVSS
LOW
CVE-2023-1555

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.

pub. 2023-09-01
Informacje
ID: CWE-262
Typ: Base
Podatności: 6
MITRE CWE ↗
← Słownik CWE