CWE-640

269 CVEs • Abstraction: Base • Likelihood of Exploit: High

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

CVEs (269)

Each entry lists the vendors, products, updated and published dates, CVSS scores (v4 / v3 / v2) and the CVE description.

Vendors (1): Apple
Products (1): Macos
Updated: Dec 6, 2024 · Published: Jun 23, 2023
CVSS: v4 N/A · v3 4.3 MEDIUM · v2 N/A
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key.

Vendors (1): Kabir M Alhasan
Products (1): Student Management System
Updated: Apr 22, 2025 · Published: May 31, 2023
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 6.4 MEDIUM
A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.

Vendors (1): Mitel
Products (1): Mivoice Connect
Updated: Jan 31, 2025 · Published: May 24, 2023
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

Vendors (1): Concretecms
Products (1): Concrete Cms
Updated: Jan 30, 2025 · Published: Apr 28, 2023
CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

Vendors (1): Milesight
Products (21): Ms N1004 Uc Firmware, Ms N1004 Upc Firmware, Ms N1008 Uc Firmware, +18 more
Updated: Nov 21, 2024 · Published: Apr 28, 2023
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to take over an account on the targeted device.

Vendors (1): Serenity
Products (2): Serene, Startsharp
Updated: Jan 31, 2025 · Published: Apr 27, 2023
CVSS: v4 N/A · v3 7.8 HIGH · v2 N/A
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

Vendors (1): Mobicint
Products (1): Mobicint
Updated: Feb 5, 2025 · Published: Apr 20, 2023
CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user-entered information via submission to the forgotten-password endpoint.

Vendors (1): Megafeis
Products (1): Bofei Dbd+
Updated: Feb 26, 2025 · Published: Mar 21, 2023
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
An insecure password reset issue was discovered in the MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 service, via an insecure expiry mechanism.

Vendors (1): Comfast Project
Products (1): Cf Wr623n Firmware
Updated: Mar 27, 2025 · Published: Jan 31, 2023
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to account takeover. Anyone can reset the password of the admin accounts.

Vendors (1): Ami
Products (1): Megarac Sp X
Updated: Nov 21, 2024 · Published: Jan 30, 2023
CVSS: v4 N/A · v3 8.8 HIGH · v2 N/A
AMI MegaRAC password reset interception via API.

Vendors (1): Gitter
Products (1): Ez Publish Modern Legacy
Updated: Nov 21, 2024 · Published: Jan 19, 2023
CVSS: v4 N/A · v3 7.5 HIGH · v2 1.4 LOW
A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.

Vendors (1): Rocketsoftware
Products (1): Trufusion Enterprise
Updated: Apr 8, 2025 · Published: Jan 12, 2023
CVSS: v4 N/A · v3 7.5 HIGH · v2 N/A
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.

Vendors (1): Pilz
Products (1): Pmc
Updated: Apr 14, 2025 · Published: Dec 26, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 N/A
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.

Vendors (1): Sick
Products (1): Sim2000 Firmware
Updated: Apr 16, 2025 · Published: Dec 16, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in the SICK Support Portal).

Vendors (1): Ifm
Products (2): Moneo Qha200 Firmware, Moneo Qha210 Firmware
Updated: Nov 21, 2024 · Published: Dec 12, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Vendors (1): Backclick
Products (1): Backclick
Updated: Apr 30, 2025 · Published: Nov 16, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.

Vendors (1): Schneider Electric
Products (36): Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 Firmware, +33 more
Updated: Nov 21, 2024 · Published: Sep 12, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 N/A
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert, including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior); EcoStruxure Process Expert, including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior); Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior); Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

Vendors (1): Backdropcms
Products (1): Backdrop Cms
Updated: Nov 21, 2024 · Published: Aug 1, 2022
CVSS: v4 N/A · v3 5.3 MEDIUM · v2 N/A
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

Vendors (1): Priority Software
Products (1): Priority
Updated: Nov 21, 2024 · Published: Jul 6, 2022
CVSS: v4 N/A · v3 4.3 MEDIUM · v2 4.0 MEDIUM
An attacker can access the "Forgot my password" button; as soon as a user that is valid in the system is entered, the system issues a message that a password reset email has been sent to the user. This way one can verify which users are in the system and which are not.

Vendors (1): Count
Products (1): Countly Server
Updated: Nov 21, 2024 · Published: May 17, 2022
CVSS: v4 N/A · v3 8.1 HIGH · v2 6.8 MEDIUM
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface.