Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2012-5686 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zpanelcp Zpanel 10.0.1 ZPanel 10.0.1 has insufficient entropy for its password reset process. | 9.8 |
| 2020-02-04 | CVE-2012-5618 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ushahidi Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | 9.8 |
| 2020-01-23 | CVE-2020-7245 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ctfd Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. | 9.8 |
| 2020-01-15 | CVE-2009-5025 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pyforum Project Pyforum 1.0.3 A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. | 7.5 |
| 2020-01-05 | CVE-2019-20004 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Intelbras IWR 3000N Firmware 1.8.7 An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. | 8.8 |
| 2019-12-18 | CVE-2019-19844 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. | 9.8 |
| 2019-11-26 | CVE-2019-17392 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | 9.8 |
| 2019-11-07 | CVE-2019-18818 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | 9.8 |
| 2019-10-24 | CVE-2019-15929 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. | 9.8 |
| 2019-10-07 | CVE-2019-15749 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Sitos SIX 6.2.1 SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. | 6.5 |