Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2023-4096 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fujitsu Arconte Aurea 1.5.0.0
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.
network
low complexity
fujitsu CWE-640
8.2
2023-09-04 CVE-2023-3222 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password Recovery Project Password Recovery 1.2
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token.
network
low complexity
password-recovery-project CWE-640
7.5
2023-06-28 CVE-2023-26615 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
network
low complexity
dlink CWE-640
7.5
2023-05-31 CVE-2023-3007 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Kabir-M-Alhasan Student Management System 1.0
A vulnerability was found in ningzichun Student Management System 1.0.
network
low complexity
kabir-m-alhasan CWE-640
critical
9.8
2023-05-24 CVE-2023-31459 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change.
low complexity
mitel CWE-640
8.8
2023-04-28 CVE-2023-28821 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
network
low complexity
concretecms CWE-640
5.3
2023-04-28 CVE-2023-30466 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Milesight products
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface.
network
low complexity
milesight CWE-640
critical
9.8
2023-04-27 CVE-2023-31287 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Serenity Serene and Startsharp
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0.
local
low complexity
serenity CWE-640
7.8
2023-04-20 CVE-2021-36436 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mobicint 3.0
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.
network
low complexity
mobicint CWE-640
5.3
2023-03-21 CVE-2022-45637 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Megafeis Bofei Dbd+ 1.4.4
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.
network
low complexity
megafeis CWE-640
critical
9.8