Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-23 | CVE-2020-7245 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ctfd. Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. | 9.8 |
2020-01-15 | CVE-2009-5025 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pyforum Project Pyforum 1.0.3. A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. | 7.5 |
2020-01-05 | CVE-2019-20004 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Intelbras IWR 3000N Firmware 1.8.7. An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. | 8.8 |
2019-12-18 | CVE-2019-19844 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products. Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. | 9.8 |
2019-11-26 | CVE-2019-17392 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity. Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | 9.8 |
2019-11-07 | CVE-2019-18818 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi. strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | 7.5 |
2019-10-24 | CVE-2019-15929 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS. In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. | 5.0 |
2019-10-07 | CVE-2019-15749 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Sitos SIX 6.2.1. SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. | 4.3 |
2019-10-01 | CVE-2019-14955 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB. In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | 5.0 |
2019-09-10 | CVE-2019-12943 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ttlock. TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | 8.1 |