Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-31459 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. | 8.8 |
| 2023-04-28 | CVE-2023-28821 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Concretecms Concrete CMS Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 5.3 |
| 2023-04-28 | CVE-2023-30466 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Milesight products This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. | 9.8 |
| 2023-04-27 | CVE-2023-31287 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Serenity Serene and Startsharp An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. | 7.8 |
| 2023-04-20 | CVE-2021-36436 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mobicint 3.0 An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. | 5.3 |
| 2023-03-21 | CVE-2022-45637 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Megafeis Bofei Dbd+ 1.4.4 An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. | 9.8 |
| 2023-01-30 | CVE-2022-26872 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13 AMI Megarac Password reset interception via API | 8.8 |
| 2023-01-12 | CVE-2022-25027 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rocketsoftware Trufusion Enterprise The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | 7.5 |
| 2022-12-26 | CVE-2020-12067 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pilz PMC 3.0.0 In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | 7.5 |
| 2022-11-16 | CVE-2022-44004 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Backclick 5.9.63 An issue was discovered in BACKCLICK Professional 5.9.63. | 9.8 |