CWE-640

269 CVEs • Abstraction: Base • Likelihood of Exploit: High

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

CVEs (269)

Each entry below gives vendor / product, the updated and published dates, the CVSS v4, v3 and v2 scores, and the CVE description.

Craftcms / Craft Cms
Updated Nov 21, 2024 · Published May 9, 2022
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.8 MEDIUM
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).

Shopware / Shopware
Updated Nov 21, 2024 · Published Apr 28, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 6.8 MEDIUM
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victim's email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.

Php / Pearweb
Updated Nov 21, 2024 · Published Apr 15, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH
pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.

Atutor / Atutor
Updated Nov 21, 2024 · Published Apr 8, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.

Automatic Question Paper Generator System Project / Automatic Question Paper Generator System
Updated Nov 21, 2024 · Published Mar 29, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.

Microweber / Microweber
Updated Nov 21, 2024 · Published Mar 1, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

Xwiki / Xwiki
Updated Nov 21, 2024 · Published Feb 9, 2022
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised to update. There are no known workarounds for this issue.

Pega / Infinity
Updated Nov 21, 2024 · Published Jan 28, 2022
CVSS: v4 N/A · v3 7.8 HIGH · v2 4.6 MEDIUM
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

Saviynt / Enterprise Identity Cloud
Updated Nov 21, 2024 · Published Jan 24, 2022
CVSS: v4 N/A · v3 9.8 CRITICAL · v2 7.5 HIGH
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.

Deltarm / Delta Rm
Updated Nov 21, 2024 · Published Jan 18, 2022
CVSS: v4 N/A · v3 6.5 MEDIUM · v2 4.0 MEDIUM
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).

Umbraco / Umbraco Cms
Updated Nov 21, 2024 · Published Jan 18, 2022
CVSS: v4 N/A · v3 7.4 HIGH · v2 4.3 MEDIUM
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.

Gitlab / Gitlab
Updated Nov 21, 2024 · Published Dec 13, 2021
CVSS: v4 N/A · v3 4.4 MEDIUM · v2 2.1 LOW
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.

Teampasswordmanager / Team Password Manager
Updated Nov 21, 2024 · Published Nov 19, 2021
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.

Gitlab / Gitlab
Updated Nov 21, 2024 · Published Oct 4, 2021
CVSS: v4 N/A · v3 4.2 MEDIUM · v2 1.9 LOW
In all versions of GitLab CE/EE, an attacker with physical access to a user's machine may brute force the user's password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.

Salesagility / Suitecrm
Updated Nov 21, 2024 · Published Sep 29, 2021
CVSS: v4 N/A · v3 8.0 HIGH · v2 6.0 MEDIUM
In the "SuiteCRM" application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

Otrs / Otrs
Updated Nov 21, 2024 · Published Sep 6, 2021
CVSS: v4 N/A · v3 5.3 MEDIUM · v2 5.0 MEDIUM
A malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.

Dolibarr / Dolibarr
Updated Nov 21, 2024 · Published Aug 17, 2021
CVSS: v4 N/A · v3 8.8 HIGH · v2 6.5 MEDIUM
In the "Dolibarr" application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requesting a forgotten password.

Discourse / Discourse
Updated Nov 21, 2024 · Published Aug 13, 2021
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including resetting a password.

Jetbrains / Hub
Updated Nov 21, 2024 · Published Aug 6, 2021
CVSS: v4 N/A · v3 6.1 MEDIUM · v2 4.3 MEDIUM
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.

Prolink / Prc2402m Firmware
Updated Nov 21, 2024 · Published Aug 6, 2021
CVSS: v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
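Three failure modes recur in the entries above: the reset link is built from the request's Host or X-Forwarded-Host header so the token is mailed to an attacker-chosen host (Craft CMS, Umbraco, Team Password Manager); every token ever issued stays valid, including tokens for deleted accounts or other purposes (Shopware, SuiteCRM, Discourse); and the "forgot password" reply reveals whether a username exists (XWiki, OTRS). The Python below is an added example, not code from any listed product, and puts the weak link-building pattern beside a reset service that closes all three gaps: canonical host from configuration, one single-use digest-stored token per user with a TTL, revocation on reissue and on account deletion, and a uniform reply. The host name, users, addresses, the in-memory outbox standing in for SMTP, and the fixed clock are all constructed for the demonstration.

```python
# Added example (not from any product listed here): weak vs hardened reset flow.
# All hosts, users and addresses below are constructed for the demonstration.
import hashlib
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 15 * 60
CANONICAL_HOST = "https://accounts.example.com"  # assumed deployment setting
GENERIC_MESSAGE = "If that account exists, a reset link has been sent."


@dataclass
class User:
    username: str
    email: str
    password_hash: str = ""


def _digest(token: str) -> str:
    # Only the digest is stored; a leaked table or log line yields no usable token.
    return hashlib.sha256(token.encode()).hexdigest()


def weak_reset_link(headers: dict, token: str) -> str:
    """Vulnerable: the link follows X-Forwarded-Host/Host, so an attacker who
    requests a reset for the victim with a forged header receives the token."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset?token={token}"


def hardened_reset_link(token: str) -> str:
    """Fixed: the link only ever points at the configured canonical host."""
    return f"{CANONICAL_HOST}/reset?token={token}"


class ResetService:
    def __init__(self, users: dict, now=time.time):
        self.users = users
        self.now = now
        self.pending: dict = {}  # token digest -> (username, expiry), one per user
        self.outbox: list = []   # (recipient, link) pairs standing in for SMTP

    def _revoke(self, username: str) -> None:
        self.pending = {d: v for d, v in self.pending.items() if v[0] != username}

    def request_reset(self, username: str) -> str:
        """Issue one fresh token, superseding any earlier one for the user.
        Known and unknown usernames get the same reply (no enumeration)."""
        user = self.users.get(username)
        if user is not None:
            self._revoke(username)
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (username, self.now() + TOKEN_TTL_SECONDS)
            self.outbox.append((user.email, hardened_reset_link(token)))
        return GENERIC_MESSAGE

    def consume_reset(self, token: str, new_password: str) -> bool:
        """Accept a token once, within its TTL, for an account that still exists."""
        entry = self.pending.pop(_digest(token), None)  # single use: gone after this
        if entry is None:
            return False
        username, expires = entry
        if self.now() > expires or username not in self.users:
            return False
        # Placeholder; a real service hashes the password with a proper KDF.
        self.users[username].password_hash = hashlib.sha256(new_password.encode()).hexdigest()
        return True

    def delete_user(self, username: str) -> None:
        """Drop the account and its pending token, so a later account under the
        same name cannot be taken over through the old link."""
        self.users.pop(username, None)
        self._revoke(username)


def token_from_link(link: str) -> str:
    return link.rsplit("token=", 1)[1]


def demo() -> dict:
    """Run the scenarios against a fixed clock and return what was observed."""
    users = {"alice": User("alice", "alice@example.com")}
    svc = ResetService(users, now=lambda: 1_000_000.0)
    poisoned = weak_reset_link(
        {"Host": "accounts.example.com", "X-Forwarded-Host": "attacker.example"}, "t0")
    same_reply = svc.request_reset("alice") == svc.request_reset("nobody")
    first = token_from_link(svc.outbox[-1][1])
    svc.request_reset("alice")  # a second request must invalidate the first link
    second = token_from_link(svc.outbox[-1][1])
    return {
        "poisoned_link": poisoned,
        "same_reply_for_unknown_user": same_reply,
        "first_token_after_reissue": svc.consume_reset(first, "new-pw-1"),
        "second_token_first_use": svc.consume_reset(second, "new-pw-2"),
        "second_token_replay": svc.consume_reset(second, "new-pw-3"),
        "mails_sent": len(svc.outbox),
    }
```

Running demo() shows the poisoned link pointing at attacker.example, identical replies for a real and an unknown user, the superseded first token rejected, the second token accepted exactly once, and only two mails sent. The pending-token map is keyed by SHA-256 of the token rather than the token itself, which is what makes the GitLab-style accidental logging or a database read far less damaging; the lookup by digest also avoids the need for a constant-time comparison, since an attacker would have to guess a 256-bit random value to hit an entry.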