Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-12315 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1 Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | 4.0 |
| 2018-11-30 | CVE-2018-7811 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server | 5.0 |
| 2018-11-30 | CVE-2018-7809 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. | 6.4 |
| 2018-10-03 | CVE-2018-17881 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | 9.8 |
| 2018-09-23 | CVE-2018-17401 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Phonepe 3.0.6/3.3.26 The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. | 8.8 |
| 2018-09-21 | CVE-2018-17298 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Enalean Tuleap An issue was discovered in Enalean Tuleap before 10.5. | 5.0 |
| 2018-08-20 | CVE-2018-12579 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. | 6.8 |
| 2018-07-27 | CVE-2017-2614 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. | 2.1 |
| 2018-07-03 | CVE-2017-0921 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | 6.8 |
| 2018-06-26 | CVE-2018-1000554 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Trovebox Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. | 5.0 |