Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

DATE CVE VULNERABILITY TITLE RISK
2023-06-28 CVE-2023-26615 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
network
low complexity
dlink CWE-640
7.5
2023-05-31 CVE-2023-3007 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Student Management System Project Student Management System 1.0
A vulnerability was found in ningzichun Student Management System 1.0.
network
low complexity
student-management-system-project CWE-640
critical
9.8
2023-05-24 CVE-2023-31459 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change.
low complexity
mitel CWE-640
8.8
2023-04-28 CVE-2023-28821 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Concretecms Concrete CMS
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
network
low complexity
concretecms CWE-640
5.3
2023-04-28 CVE-2023-30466 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Milesight products
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface.
network
low complexity
milesight CWE-640
critical
9.8
2023-04-27 CVE-2023-31287 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Serenity Serene and Startsharp
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0.
local
low complexity
serenity CWE-640
7.8
2023-04-20 CVE-2021-36436 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mobicint 3.0
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.
network
low complexity
mobicint CWE-640
5.3
2023-01-30 CVE-2022-26872 Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13
AMI Megarac Password reset interception via API
network
low complexity
ami CWE-640
8.8
2023-01-19 CVE-2015-10071 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitter EZ Publish Modern Legacy
A vulnerability was found in gitter-badger ezpublish-modern-legacy.
network
low complexity
gitter CWE-640
7.5
2023-01-12 CVE-2022-25027 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rocketsoftware Trufusion Enterprise
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
network
low complexity
rocketsoftware CWE-640
7.5