Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-6203 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Haloservicesolutions Haloitsm
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability.
network
low complexity
haloservicesolutions CWE-640
8.1
2024-07-25 CVE-2024-38287 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rhubcom Turbomeeting
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
network
low complexity
rhubcom CWE-640
critical
9.8
2024-06-16 CVE-2024-38468 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Guoxinled Synthesis Image System
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
network
low complexity
guoxinled CWE-640
critical
9.8
2024-06-10 CVE-2024-36407 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-640
6.5
2024-06-03 CVE-2024-5404 An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.
network
low complexity
CWE-640
critical
9.8
2024-02-13 CVE-2024-22454 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell Powerprotect Data Manager
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords.
network
low complexity
dell CWE-640
8.8
2024-01-13 CVE-2024-0491 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Huaxiaerp Huaxia ERP
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1.
network
low complexity
huaxiaerp CWE-640
7.5
2024-01-12 CVE-2023-7028 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
network
low complexity
gitlab CWE-640
critical
9.8
2024-01-11 CVE-2024-0425 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Foru CMS Project Foru CMS 20200623
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23.
network
low complexity
foru-cms-project CWE-640
7.5
2024-01-10 CVE-2023-50172 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wwbn Avideo 15Fed957Fb
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-640
5.3