Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-18871 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gigasetpro Maxwell Basic Firmware 2.22.7 Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). | 5.0 |
| 2018-12-20 | CVE-2018-1000812 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. | 4.3 |
| 2018-12-04 | CVE-2018-12315 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1 Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | 4.0 |
| 2018-11-30 | CVE-2018-7811 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server | 5.0 |
| 2018-11-30 | CVE-2018-7809 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. | 6.4 |
| 2018-10-03 | CVE-2018-17881 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in D-Link Dir-823G Firmware On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | 9.8 |
| 2018-09-23 | CVE-2018-17401 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Phonepe 3.0.6/3.3.26 The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. | 8.8 |
| 2018-09-21 | CVE-2018-17298 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Enalean Tuleap An issue was discovered in Enalean Tuleap before 10.5. | 5.0 |
| 2018-08-20 | CVE-2018-12579 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. | 6.8 |
| 2018-07-27 | CVE-2017-2614 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. | 2.1 |