Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2016-8716 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. | 7.5 |
| 2017-02-03 | CVE-2017-2766 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0 EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 9.8 |
| 2017-01-25 | CVE-2017-5594 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pagekit An issue was discovered in Pagekit CMS before 1.0.11. | 7.5 |
| 2017-01-20 | CVE-2016-7038 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 7.3 |
| 2016-12-21 | CVE-2016-2349 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1 Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 7.5 |
| 2016-09-26 | CVE-2016-5997 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. | 6.5 |
| 2016-09-26 | CVE-2016-5996 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Tealeaf Customer Experience The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |