Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2021-12-13 CVE-2021-39919 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure.
local
low complexity
gitlab CWE-640
2.1
2021-12-09 CVE-2021-41694 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Globaldatingsoftware Premiumdatingscript 4.2.7.7
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.
network
low complexity
globaldatingsoftware CWE-640
5.0
2021-11-19 CVE-2021-44037 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Teampasswordmanager Team Password Manager
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
network
low complexity
teampasswordmanager CWE-640
5.0
2021-10-04 CVE-2021-39899 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function.
local
gitlab CWE-640
1.9
2021-09-29 CVE-2021-25961 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
6.0
2021-09-06 CVE-2021-36095 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs
Malicious attacker is able to find out valid user logins by using the "lost password" feature.
network
low complexity
otrs CWE-640
5.0
2021-08-17 CVE-2021-25957 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality.
network
low complexity
dolibarr CWE-640
6.5
2021-08-06 CVE-2021-36209 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
network
low complexity
jetbrains CWE-640
7.5
2021-08-06 CVE-2021-36708 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Prolink Prc2402M Firmware
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.
network
low complexity
prolink CWE-640
5.0
2021-08-06 CVE-2021-37541 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
network
jetbrains CWE-640
4.3