Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-12 | CVE-2017-9543 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | 7.5 |
2017-05-27 | CVE-2017-7731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 7.5 |
2017-05-25 | CVE-2015-3189 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. | 3.7 |
2017-05-04 | CVE-2017-8295 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. | 5.9 |
2017-05-01 | CVE-2017-8385 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | 5.3 |
2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 8.8 |
2017-04-12 | CVE-2016-8716 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. | 7.5 |
2017-02-03 | CVE-2017-2766 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0 EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 9.8 |
2017-01-25 | CVE-2017-5594 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pagekit An issue was discovered in Pagekit CMS before 1.0.11. | 7.5 |
2017-01-20 | CVE-2016-7038 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 7.3 |