Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-08-03 | CVE-2021-33321 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Liferay DXP 7.0 | Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. | network | low | liferay | CWE-640 | 7.5 |
| 2021-06-08 | CVE-2021-28293 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Seceon Aisiem | Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. | network | low | seceon | CWE-640 | critical 9.8 |
| 2021-05-11 | CVE-2021-31912 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains Teamcity | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. | network | low | jetbrains | CWE-640 | 8.8 |
| 2021-05-06 | CVE-2021-28128 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi | In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. | network | low | strapi | CWE-640 | 8.1 |
| 2021-03-23 | CVE-2021-29080 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Netgear products | Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. | | low | netgear | CWE-640 | 8.1 |
| 2021-01-19 | CVE-2021-25323 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Misp 2.4.136 | The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. | network | low | misp | CWE-640 | critical 9.1 |
| 2021-01-04 | CVE-2020-5361 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dell CPG Bios | Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. | | low | dell | CWE-640 | 7.6 |
| 2020-12-24 | CVE-2020-28186 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Terra-Master TOS | Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover. | network | low | terra-master | CWE-640 | 7.3 |
| 2020-12-04 | CVE-2020-27408 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Os4Ed Opensis 7.3/7.6 | OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | network | low | os4ed | CWE-640 | 7.5 |
| 2020-10-27 | CVE-2020-27179 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Konzept-Ix Publixone | konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. | network | low | konzept-ix | CWE-640 | critical 9.8 |