Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-11 | CVE-2015-4689 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ellucian Banner Student Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 9.8 |
| 2017-08-24 | CVE-2015-7257 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | 7.5 |
| 2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard An authenticated standard user could reset the password of the admin by altering form data. | 8.8 |
| 2017-08-14 | CVE-2017-12850 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard An authenticated standard user could reset the password of other users (including the admin) by altering form data. | 8.8 |
| 2017-06-29 | CVE-2017-8613 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microsoft Azure Active Directory Connect 1.1.524.0 Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability." | 8.1 |
| 2017-06-15 | CVE-2017-7629 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | 7.5 |
| 2017-06-12 | CVE-2017-9543 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Echatserver Easy Chat Server register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | 7.5 |
| 2017-05-27 | CVE-2017-7731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 7.5 |
| 2017-05-25 | CVE-2015-3189 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. | 3.7 |
| 2017-05-04 | CVE-2017-8295 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. | 5.9 |