Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-06 | CVE-2021-36095 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs Malicious attacker is able to find out valid user logins by using the "lost password" feature. | 5.0 |
| 2021-08-17 | CVE-2021-25957 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. | 6.5 |
| 2021-08-06 | CVE-2021-36209 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | 7.5 |
| 2021-08-06 | CVE-2021-36708 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. | 5.0 |
| 2021-08-06 | CVE-2021-37541 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | 4.3 |
| 2021-08-04 | CVE-2021-36804 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. | 5.8 |
| 2021-08-03 | CVE-2021-33321 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Liferay DXP 7.0 Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. | 5.0 |
| 2021-06-11 | CVE-2021-22763 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. | 9.8 |
| 2021-06-08 | CVE-2021-28293 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Seceon Aisiem Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. | 7.5 |
| 2021-05-26 | CVE-2021-22731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker. | 7.5 |