threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Weak Password Requirements
Weakness
Weak Password Requirements
CWE-521 · Base · Draft
The product does not require that users should have strong passwords.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-1391 · Use of Weak Credentials
ChildOf
CWE-287 · Improper Authentication
Children (more specific)
ParentOf
CWE-258 · Empty Password in Configuration File
◆
Attack Patterns (CAPEC)
9
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-112
Brute Force
CAPEC-16
Dictionary-based Password Attack
CAPEC-49
Password Brute Forcing
CAPEC-509
Kerberoasting
CAPEC-55
Rainbow Table Password Cracking
CAPEC-555
Remote Services with Stolen Credentials
CAPEC-561
Windows Admin Shares with Stolen Credentials
CAPEC-565
Password Spraying
CAPEC-70
Try Common or Default Usernames and Passwords
⚠
CVEs With This Weakness
303
A sample of the 303 CVEs tagged with this weakness.
CVE
CVE-2026-6284
CVE
CVE-2026-6284
CVE
CVE-2026-41038
CVE
CVE-2026-34203
CVE
CVE-2026-33771
CVE
CVE-2026-27575
CVE
CVE-2026-25715
CVE
CVE-2026-1408
CVE
CVE-2025-9964
CVE
CVE-2025-9514
CVE
CVE-2025-8549
CVE
CVE-2025-8182
◉
Nuclei Scanner Templates
2
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
critical
Jfrog Artifactory <6.17.0 - Default Admin Password
high
RabbitMQ AMQP - Default Login
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin