Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-17 | CVE-2019-12476 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0 An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. | 6.8 |
| 2019-05-02 | CVE-2018-16988 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Xdmod Open Xdmod An issue was discovered in Open XDMoD through 7.5.0. | 9.8 |
| 2019-04-22 | CVE-2019-11414 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Intelbras IWR 3000N Firmware 1.5.0 An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. | 8.8 |
| 2019-04-22 | CVE-2019-11393 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tildeslash Monit An issue was discovered in /admin/users/update in M/Monit before 3.7.3. | 9.8 |
| 2019-04-17 | CVE-2019-10641 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. | 9.8 |
| 2019-03-28 | CVE-2018-16529 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Forcepoint Email Security 8.5.0/8.5.3 A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. | 9.8 |
| 2019-03-21 | CVE-2018-19488 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wp-Jobhunt Project Wp-Jobhunt The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. | 9.8 |
| 2019-02-13 | CVE-2018-0696 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Osstech Openam OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors. | 7.5 |
| 2018-12-20 | CVE-2018-18871 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gigasetpro Maxwell Basic Firmware 2.22.7 Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). | 9.8 |
| 2018-12-20 | CVE-2018-1000812 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS 5.0 Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. | 8.1 |