Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-30 | CVE-2017-1000141 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara. An issue was discovered in Mahara before 18.10.0. | 6.5 |
2018-01-02 | CVE-2017-17097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gps-Server GPS Tracking Software. gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. | 9.8 |
2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products. Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | 9.8 |
2017-10-17 | CVE-2017-14005 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Prominent Multiflex M10A Controller Firmware. An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 8.8 |
2017-09-11 | CVE-2015-4689 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ellucian Banner Student. Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 9.8 |
2017-08-24 | CVE-2015-7257 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57. ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | 7.5 |
2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard. An authenticated standard user could reset the password of the admin by altering form data. | 8.8 |
2017-08-14 | CVE-2017-12850 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard. An authenticated standard user could reset the password of other users (including the admin) by altering form data. | 8.8 |
2017-06-29 | CVE-2017-8613 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microsoft Azure Active Directory Connect 1.1.524.0. Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." | 8.1 |
2017-06-15 | CVE-2017-7629 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS. QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | 7.5 |