Rapid7 Vulnerability & Exploit Database

Multiple users using the same password

Back to Search

Multiple users using the same password

Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
03/03/2005
Created
07/25/2018
Added
03/03/2005
Modified
06/16/2020

Description

Multiple users on the same service were found sharing the same password. When passwords are administratively assigned, they should always be distinct from passwords on other accounts. If passwords are not administratively assigned, then there is a slim possibility that two users have independently chosen the same password. However, in such cases, the password tends to be one that easy to guess (because it has occurred to more than person to use it).

Solution(s)

  • change-user-shared-passwords

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;