Class · Incomplete

CWE-1391: Use of Weak Credentials

Category: auth

Description

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism
    An adversary could bypass intended authentication restrictions.

Potential mitigations · 1

  • [Architecture and Design, Operation] When the user changes or sets a password, check the password against a database of already compromised or breached passwords. These passwords are likely to be used in password guessing attacks.
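
One way to apply the mitigation above on the set/change-password path, as an added example that is not part of the CWE entry. The corpus format ("SHA1HEX:times_seen" lines), the sample entries and all function names are assumptions made for illustration.

```python
import hashlib
import unicodedata


def sha1_hex(password: str) -> str:
    # SHA-1 is only the lookup key of the breach corpus here, so the server
    # never holds breached plaintexts. It is not a password-storage scheme.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample corpus, one "SHA1HEX:times_seen" line per breached
# password. A deployment would load its own offline corpus instead.
SAMPLE_CORPUS = "\n".join(
    f"{sha1_hex(p)}:{n}"
    for p, n in [("password", 900), ("admin", 500), ("changeme", 75)]
)


def load_corpus(text: str) -> dict[str, int]:
    """Parse "HASH:count" lines into a hash -> count index, skipping junk."""
    index = {}
    for line in text.splitlines():
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            index[digest.upper()] = int(count)
    return index


def breach_count(password: str, index: dict[str, int]) -> int:
    """Highest corpus count over the password and its trivial variants."""
    norm = unicodedata.normalize("NFKC", password)
    # Policy assumption: case changes and padding spaces do not make a
    # breached password acceptable, so those variants are looked up too.
    variants = {password, norm, norm.strip(), norm.strip().lower()}
    return max(index.get(sha1_hex(v), 0) for v in variants)


def check_new_password(password: str, index: dict[str, int]) -> tuple[bool, str]:
    """Gate for the set/change-password path: (accepted, reason)."""
    seen = breach_count(password, index)
    if seen:
        return False, f"found in breach corpus ({seen} occurrences)"
    return True, "not found in breach corpus"


if __name__ == "__main__":
    idx = load_corpus(SAMPLE_CORPUS)
    for candidate in ["password", " Admin ", "vK7#qu2-plinth-Otter"]:
        print(repr(candidate), check_new_password(candidate, idx))
```

The same gate also catches default or hard-coded values from the description when those values are listed in the corpus.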

References

  1. https://cwe.mitre.org/data/definitions/1391.html

(incoming) · 9

Type           Target                             Confidence  Tier
Vulnerability  CVE-2025-30519 (cve-2025-30519)    0%          live
Vulnerability  CVE-2025-53558 (cve-2025-53558)    0%          live
Vulnerability  CVE-2025-6077 (cve-2025-6077)      0%          live
Vulnerability  CVE-2025-67114 (cve-2025-67114)    0%          live
Vulnerability  CVE-2026-22886 (cve-2026-22886)    0%          live
Vulnerability  CVE-2026-22910 (cve-2026-22910)    0%          live
Vulnerability  CVE-2026-23853 (cve-2026-23853)    0%          live
Vulnerability  CVE-2026-39920 (cve-2026-39920)    0%          live
Vulnerability  CVE-2026-44351 (cve-2026-44351)    0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Hard-coded Credentials
  • CWE: Use of Hard-coded Password
  • CWE: Insufficiently Protected Credentials
  • CWE: Use of Default Credentials
  • CWE: Weak Authentication
  • CWE: Use of Hard-coded Cryptographic Key

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.