Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-21 | CVE-2017-12161 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Keycloak: It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. | 4.3 |
2018-01-31 | CVE-2017-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cisecurity Cis-Cat PRO Dashboard: In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. | 4.6 |
2018-01-30 | CVE-2017-1000141 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara: An issue was discovered in Mahara before 18.10.0. | 6.4 |
2018-01-02 | CVE-2017-17097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gps-Server GPS Tracking Software: gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. | 5.0 |
2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products: Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | 7.5 |
2017-10-17 | CVE-2017-14005 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Prominent Multiflex M10A Controller Firmware: An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 6.5 |
2017-09-11 | CVE-2015-4689 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ellucian Banner Student: Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 5.0 |
2017-08-24 | CVE-2015-7257 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57: ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | 8.5 |
2017-08-14 | CVE-2017-12851 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of the admin by altering form data. | 4.0 |
2017-08-14 | CVE-2017-12850 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kanboard: An authenticated standard user could reset the password of other users (including the admin) by altering form data. | 4.0 |