Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2021-25323 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Misp 2.4.136
The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password.
network
low complexity
misp CWE-640
6.4
2021-01-04 CVE-2020-5361 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell CPG Bios
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords.
local
low complexity
dell CWE-640
7.2
2020-12-24 CVE-2020-28186 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Terra-Master TOS
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
6.8
2020-11-05 CVE-2020-15949 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Immuta 2.8.2
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
network
low complexity
immuta CWE-640
5.0
2020-10-27 CVE-2020-27179 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Konzept-Ix Publixone
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
network
low complexity
konzept-ix CWE-640
7.5
2020-10-05 CVE-2020-26061 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Clickstudios Passwordstate 8.3
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability.
network
low complexity
clickstudios CWE-640
5.0
2020-09-17 CVE-2020-25728 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Alfresco Reset Password
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password, including the admin account.
network
low complexity
alfresco CWE-640
6.5
2020-09-03 CVE-2020-25105 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Eramba 2.19.3/2.8.1
eramba c2.8.1 and Enterprise before e2.19.3 have a weak password recovery token (createHash has only a million possibilities).
network
low complexity
eramba CWE-640
5.0
2020-07-01 CVE-2020-5899 Weak Password Recovery Mechanism for Forgotten Password vulnerability in F5 Nginx Controller
In NGINX Controller 3.0.0-3.4.0, the recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or has read access to the database to request a password reset using the email address of another registered user and then retrieve the recovery code.
local
low complexity
f5 CWE-640
4.6
2020-06-29 CVE-2019-18256 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Biotronik products
BIOTRONIK CardioMessenger II: the affected products use individual per-device credentials that are stored in a recoverable format.
2.1