Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-03 | CVE-2017-0921 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | 6.8 |
2018-06-26 | CVE-2018-1000554 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Trovebox: Trovebox version <= 4.0.0-rc6 contains an unsafe password reset token generation vulnerability in the user component that can result in password reset. | 5.0 |
2018-06-26 | CVE-2018-1000501 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Instant-Update Instant Update CMS: Instant Update CMS contains a password reset vulnerability in /iu-application/controllers/administration/auth.php that can result in account takeover. | 7.5 |
2018-06-14 | CVE-2018-12421 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ltb-Project Ldap Tool BOX Self Service Password: LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | 5.0 |
2018-06-08 | CVE-2018-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Synology Diskstation Manager: Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. | 4.0 |
2018-05-31 | CVE-2018-11134 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Quest Kace System Management Appliance 8.0.318: In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. | 9.0 |
2018-04-25 | CVE-2018-10210 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Vaultize Enterprise File Sharing 17.05.31: An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.0 |
2018-04-13 | CVE-2018-10081 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cmsmadesimple CMS Made Simple: CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. | 5.0 |
2018-04-12 | CVE-2014-6412 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress: WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | 5.0 |
2018-03-14 | CVE-2018-0787 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microsoft Asp.Net Core 1.0/1.1/2.0: ASP.NET Core 1.0. | 6.8 |