Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

CVEs (269)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10081 1Cmsmadesimple 1Cms Made Simple Nov 21, 2024 Apr 13, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
CVE-2014-6412 1Wordpress 1Wordpress Nov 21, 2024 Apr 12, 2018 N/A· v4 8.1 HIGH· v3 5.0 MEDIUM· v2 WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2018-0787 1Microsoft 1Asp.net Core Nov 21, 2024 Mar 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2017-12161 1Keycloak 1Keycloak Nov 21, 2024 Feb 21, 2018 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request...Show more It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.Show less
CVE-2017-8916 1Cisecurity 1Cis Cat Pro Dashboard Nov 21, 2024 Jan 31, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administ...Show more In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.Show less
CVE-2017-1000141 1Mahara 1Mahara Nov 21, 2024 Jan 30, 2018 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). T...Show more An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.Show less
CVE-2017-17097 1Gps Server 1Gps Tracking Software Nov 21, 2024 Jan 2, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to t...Show more gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.Show less
CVE-2015-5172 2Cloudfoundry Pivotal Software 3Cf Release Cloud Foundry Elastic RuntimeCloud Foundry Uaa May 13, 2026 Oct 24, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
CVE-2017-14005 1Prominent 1Multiflex M10a Controller Firmware May 13, 2026 Oct 17, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An...Show more An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.Show less
CVE-2015-4689 1Ellucian 1Banner Student May 13, 2026 Sep 11, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."
CVE-2015-7257 1Zte 1Zxv10 W300 Firmware May 13, 2026 Aug 24, 2017 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changi...Show more ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".Show less
CVE-2017-7551 1Fedoraproject 1389 Directory Server May 13, 2026 Aug 16, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
CVE-2017-12851 1Kanboard 1Kanboard May 13, 2026 Aug 14, 2017 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12850 1Kanboard 1Kanboard May 13, 2026 Aug 14, 2017 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2017-8613 1Microsoft 1Azure Active Directory Connect May 13, 2026 Jun 29, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Eleva...Show more Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."Show less
CVE-2017-7629 1Qnap 1Qts May 13, 2026 Jun 15, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVE-2017-9543 1Echatserver 1Easy Chat Server May 13, 2026 Jun 12, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
CVE-2017-7731 1Fortinet 1Fortiportal May 13, 2026 May 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
CVE-2015-3189 2Cloudfoundry Pivotal Software 3Cf Release Cloud Foundry Elastic RuntimeCloud Foundry Uaa May 13, 2026 May 25, 2017 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes...Show more With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.Show less
CVE-2017-8295 1Wordpress 1Wordpress May 13, 2026 May 4, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword req...Show more WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.Show less

Previous 1...10 11 121314 Next