Vulnerabilities > Alfresco > Reset Password

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-15181 Unspecified vulnerability in Alfresco Reset Password
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision.
network
low complexity
alfresco
critical
 9.8
9.8
2020-09-17 CVE-2020-25728 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
network
low complexity
alfresco CWE-640
8.8
8.8