Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2019-03-28 CVE-2018-16529 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Forcepoint Email Security 8.5.0/8.5.3
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x.
network | low complexity | forcepoint | CWE-640 | critical | 9.8
2019-03-21 CVE-2018-19488 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wp-Jobhunt Project Wp-Jobhunt
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
network | low complexity | wp-jobhunt-project | CWE-640 | critical | 9.8
2019-02-13 CVE-2018-0696 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Osstech Openam
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
network | high complexity | osstech | CWE-640 | 7.5
2018-12-20 CVE-2018-18871 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gigasetpro Maxwell Basic Firmware 2.22.7
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
network | low complexity | gigasetpro | CWE-640 | critical | 9.8
2018-12-20 CVE-2018-1000812 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS 5.0
Artica Integria IMS version 5.0 MR56 Package 58, and likely earlier versions, contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in the password recovery process, at line 45 of general/password_recovery.php, that can result in IntegriaIMS web app user accounts being taken over.
network | high complexity | artica | CWE-640 | 8.1
2018-12-04 CVE-2018-12315 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
network | low complexity | asustor | CWE-640 | 6.5
2018-11-30 CVE-2018-7811 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server.
network | low complexity | schneider-electric | CWE-640 | critical | 9.8
2018-11-30 CVE-2018-7809 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.
network | low complexity | schneider-electric | CWE-640 | critical | 9.8
2018-10-03 CVE-2018-17881 Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
network | low complexity | d-link | CWE-640 | critical | 9.8
2018-09-23 CVE-2018-17401 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Phonepe 3.0.6/3.3.26
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.
network | low complexity | phonepe | CWE-640 | 8.8