Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-23172 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Priority-Software Priority
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user.
network
low complexity
priority-software CWE-640
4.0
2022-05-17 CVE-2022-29174 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Count Countly Server
countly-server is the server-side part of Countly, a product analytics solution.
network
count CWE-640
6.8
2022-05-09 CVE-2022-29933 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality.
network
craftcms CWE-640
6.8
2022-04-28 CVE-2022-24892 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Shopware
Shopware is an open source e-commerce software platform.
network
shopware CWE-640
6.8
2022-04-15 CVE-2022-27157 Weak Password Recovery Mechanism for Forgotten Password vulnerability in PHP Pearweb
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
network
low complexity
php CWE-640
7.5
2022-04-08 CVE-2021-43498 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Atutor 2.2.4
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.
network
low complexity
atutor CWE-640
5.0
2022-03-29 CVE-2022-1073 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Automatic Question Paper Generator System Project Automatic Question Paper Generator System 1.0
A vulnerability was found in Automatic Question Paper Generator 1.0.
7.5
2022-03-01 CVE-2022-0777 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microweber
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
network
low complexity
microweber CWE-640
5.0
2022-02-09 CVE-2022-23619 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-640
5.0
2022-01-28 CVE-2021-27654 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pega Infinity
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
local
low complexity
pega CWE-640
4.6