Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-19844 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. | 9.8 |
| 2019-11-26 | CVE-2019-17392 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | 9.8 |
| 2019-11-07 | CVE-2019-18818 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | 9.8 |
| 2019-10-24 | CVE-2019-15929 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. | 9.8 |
| 2019-10-07 | CVE-2019-15749 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Sitos SIX 6.2.1 SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. | 6.5 |
| 2019-10-01 | CVE-2019-14955 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | 5.3 |
| 2019-09-10 | CVE-2019-12943 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ttlock TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | 8.1 |
| 2019-07-10 | CVE-2019-13240 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Glpi-Project Glpi An issue was discovered in GLPI before 9.4.1. | 5.9 |
| 2019-06-21 | CVE-2019-10270 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ultimatemember Ultimate Member An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. | 8.8 |
| 2019-06-19 | CVE-2019-3787 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. | 8.8 |