PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Fri, 06 Feb 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known. | |
| Title | PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover) | |
| Weaknesses | CWE-259 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-06T18:57:31.419Z
Reserved: 2026-02-05T18:35:52.357Z
Link: CVE-2026-25753
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-06T19:16:10.473
Modified: 2026-02-06T19:16:10.473
Link: CVE-2026-25753
Redhat
No data.
OpenCVE Enrichment
No data.