CWE-640

Exploit likelihood: High

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
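The description above names the weakness but not the concrete defects behind it; the CVE titles further down record several: a predictable reset token, an empty confirm hash that matches an account with no reset pending, a reset link built from the attacker-controlled Host header, and a blank "previous password" accepted on change. The following Python is an added example written for this page, not code from any product listed here. It shows a forgot-password flow with each of those checks done correctly, and keeps a `weak_token_check` function only to demonstrate the empty-token bypass. The in-memory user table, `SITE_ORIGIN`, the 15-minute token lifetime and the 12-character minimum are constructed assumptions; `sha256` stands in for a slow password hash to keep the example dependency-free.

```python
"""Forgot-password flow hardened against the failure modes in this CWE-640 listing.
Added example: not code from any listed product. The user table and timings are constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional
from urllib.parse import urlencode

TOKEN_TTL_SECONDS = 15 * 60   # assumption: reset links live for 15 minutes
MIN_PASSWORD_LEN = 12         # assumption: policy floor for new passwords
# Assumption: the canonical origin comes from configuration; it is never derived
# from the request's Host header, which an attacker can set to capture reset links.
SITE_ORIGIN = "https://example.com"


def _sha256(text: str) -> str:
    # sha256 keeps the example dependency-free; a real deployment stores
    # passwords with a slow hash (argon2id, scrypt or bcrypt) instead.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed in-memory user table (no real accounts).
USERS: Dict[str, dict] = {
    "alice@example.com": {"pw_hash": _sha256("old-password"),
                          "reset_hash": None, "reset_expires": 0.0},
}


def _now(now: Optional[float]) -> float:
    return time.time() if now is None else now


def request_reset(email: str, request_host: str, now: Optional[float] = None) -> Optional[str]:
    """Return the reset URL to e-mail, or None when no such account exists.
    The HTTP handler must answer identically either way to avoid account enumeration."""
    user = USERS.get(email)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG, never random()/time seeds
    user["reset_hash"] = _sha256(token)    # store only the hash: a DB leak yields no live tokens
    user["reset_expires"] = _now(now) + TOKEN_TTL_SECONDS
    # request_host is deliberately unused; the link is built from SITE_ORIGIN.
    return f"{SITE_ORIGIN}/reset?" + urlencode({"email": email, "token": token})


def weak_token_check(user: dict, presented: str) -> bool:
    """The defect pattern behind 'empty confirm hash' bugs: with no reset pending,
    an absent stored hash and an empty submitted token compare equal."""
    return (user.get("reset_hash") or "") == (presented or "")


def complete_reset(email: str, presented: str, new_password: str, now: Optional[float] = None) -> bool:
    """Consume a reset token and set a new password; False on any failed check."""
    user = USERS.get(email)
    if user is None or not presented or user["reset_hash"] is None:
        return False                       # no pending reset, or empty token: never a match
    if _now(now) > user["reset_expires"]:
        return False                       # expired token
    if not hmac.compare_digest(user["reset_hash"], _sha256(presented)):
        return False                       # constant-time comparison against the stored hash
    if len(new_password) < MIN_PASSWORD_LEN:
        return False
    user["pw_hash"] = _sha256(new_password)
    user["reset_hash"] = None              # single use: the token dies with the reset
    user["reset_expires"] = 0.0
    return True


def change_password(email: str, current_password: str, new_password: str) -> bool:
    """Authenticated change: the current password is required, and a blank one is
    rejected outright rather than compared (the 'blank previous password' pattern)."""
    user = USERS.get(email)
    if user is None or not current_password or len(new_password) < MIN_PASSWORD_LEN:
        return False
    if not hmac.compare_digest(user["pw_hash"], _sha256(current_password)):
        return False
    user["pw_hash"] = _sha256(new_password)
    return True


if __name__ == "__main__":
    link = request_reset("alice@example.com", "attacker.example", now=1000.0)
    print(link)
    token = link.split("token=")[1]
    print("empty token accepted:", complete_reset("alice@example.com", "", "correct horse battery", now=1001.0))
    print("real token accepted:", complete_reset("alice@example.com", token, "correct horse battery", now=1001.0))
    print("weak check with no reset pending:", weak_token_check(USERS["alice@example.com"], ""))
```

Note the contrast in `weak_token_check`: once a reset has been consumed (or was never requested), the stored hash is empty, so an attacker who submits an empty token passes the comparison. The hardened `complete_reset` refuses before any comparison when either side is empty, and the URL returned by `request_reset` never contains the host the request arrived on.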

272 vulnerabilities with CWE-640
CVE-2017-7629 HIGH
QNAP QTS < 4.2.6 - Weak Password Recovery Mechanism
CVSS 7.5
CVE-2017-9543 HIGH
EFS Software Easy Chat Server <3.1 - RCE
CVSS 7.5
CVE-2017-7731 HIGH
Fortinet FortiPortal <4.0.0 - Info Disclosure
CVSS 7.5
CVE-2017-8295 MEDIUM
WordPress <= 4.7.4 - Unauthenticated Weak Password Recovery Mechanism via Host Header Manipulation
CVSS 5.9
CVE-2017-8385 MEDIUM
Craft CMS < 2.6.2976 - Weak Password Recovery Mechanism via Forgot-Password Email URL
CVSS 5.3
CVE-2017-7615 HIGH
MantisBT < 2.3.0 - Unauthenticated Arbitrary Password Reset via Empty Confirm Hash
CVSS 8.8
CVE-2017-2766 CRITICAL
EMC Documentum eRoom 7.4.4-7.4.4 SP1 and < 7.4.5 P04 - Unauthenticated Password Change
CVSS 9.8
CVE-2017-5594 HIGH
Pagekit < 1.0.11 - Unauthenticated Password Reset via Debug Toolbar
CVSS 7.5
CVE-2016-8716 HIGH
Moxa AWK-3131A <1.1 - Info Disclosure
CVSS 7.5
CVE-2016-7038 HIGH
Moodle 2.x and 3.x - Weak Password Recovery Mechanism
CVSS 7.3
CVE-2016-2349 HIGH
BMC Remedy AR System Server 8.1 SP 2, 9.0, 9.0 SP 1, 9.1 - Weak Password Recovery Mechanism via Blank Previous Password
CVSS 7.5
CVE-2016-5997 MEDIUM
IBM Tealeaf Customer Experience <9.0.1-9.0.2 - Info Disclosure
CVSS 6.5
CVE-2016-5996 HIGH
IBM Tealeaf Customer Experience <9.0.1.1117 - Info Disclosure
CVSS 7.5
CVE-2015-10071 LOW
gitter-badger ezpublish-modern-legacy - Weak Password Recovery
CVSS 2.6
CVE-2015-5172 CRITICAL
Cloud Foundry Runtime cf-release < 216 - Weak Password Recovery Mechanism
CVSS 9.8
CVE-2015-4689 CRITICAL
Ellucian Banner Student 8.5.1.2-8.7 - Weak Password Recovery Mechanism
CVSS 9.8
CVE-2015-7257 HIGH
ZTE Zxv10 W300 Firmware - Password Reset Weakness
CVSS 7.5
CVE-2015-3189 LOW
Cloud Foundry Runtime <v208, UAA Standalone <2.2.5, Pivotal Cloud F...
CVSS 3.7
CVE-2014-6412 HIGH
WordPress < 4.4.0 - Weak Password Recovery Token Generation
CVSS 8.1
CVE-2012-5686 CRITICAL
ZPanel 10.0.1 - Weak Password Recovery Mechanism
CVSS 9.8
CVE-2012-5618 CRITICAL
Ushahidi < 2.6.1 - Weak Password Recovery Mechanism for Forgotten Password
CVSS 9.8
CVE-2009-5025 HIGH
PyForum 1.0.3 - Unauthenticated Password Reset via Email
CVSS 7.5