Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2017-06-12 CVE-2017-9543 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Echatserver Easy Chat Server
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
network
low complexity
echatserver CWE-640
7.5
2017-05-27 CVE-2017-7731 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
network
low complexity
fortinet CWE-640
7.5
2017-05-25 CVE-2015-3189 Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one.
network
high complexity
pivotal-software cloudfoundry CWE-640
3.7
2017-05-04 CVE-2017-8295 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server.
network
high complexity
wordpress CWE-640
5.9
2017-05-01 CVE-2017-8385 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
network
low complexity
craftcms CWE-640
5.3
2017-04-16 CVE-2017-7615 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
network
low complexity
mantisbt CWE-640
8.8
2017-04-12 CVE-2016-8716 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
high complexity
moxa CWE-640
7.5
2017-02-03 CVE-2017-2766 Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-640
critical
9.8
2017-01-25 CVE-2017-5594 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pagekit
An issue was discovered in Pagekit CMS before 1.0.11.
network
high complexity
pagekit CWE-640
7.5
2017-01-20 CVE-2016-7038 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
network
low complexity
moodle CWE-640
7.3