CWE-640

High likelihood

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE-2025-43932 CRITICAL
JobCenter <7e7b0b2 - Privilege Escalation
CVSS 9.8
CVE-2025-43931 CRITICAL
flask-boilerplate <a170e7c - Auth Bypass
CVSS 9.8
CVE-2025-52560 HIGH
Kanboard < 1.2.46 - Password Reset Weakness
CVSS 8.1
CVE-2025-6216 CRITICAL
Allegra - Auth Bypass
CVSS 9.8
CVE-2025-6097 MEDIUM
UTT 进取 750W <5.0 - Auth Bypass
CVSS 5.3
CVE-2025-47646 CRITICAL
Gilblas Ngunte Possi PSW Front-end Login & Registration <1.13 - Inf...
CVSS 9.8
CVE-2025-4903 MEDIUM
Dlink Di-7003g Firmware - Password Reset Weakness
CVSS 5.3
CVE-2025-4552 MEDIUM
Continew Admin < 3.6.0 - Password Reset Weakness
CVSS 5.4
CVE-2025-3849 MEDIUM
Yxj2018 Springboot-vue-onlineexam - Password Reset Weakness
CVSS 4.3
CVE-2025-31380 CRITICAL
Paid Videochat Turnkey Site <7.3.11 - Info Disclosure
CVSS 9.8
CVE-2025-29995 HIGH
CAP Back Office - Privilege Escalation
CVE-2025-2093 LOW
Phpgurukul Online Library Management System - Password Reset Weakness
CVSS 3.1
CVE-2025-1570 HIGH
Wpwax Directorist < 8.2 - Password Reset Weakness
CVSS 8.1
CVE-2025-1231 MEDIUM
Dovolations Server <2024.3.10.0 - Privilege Escalation
CVSS 5.4
CVE-2025-22144 CRITICAL
NamelessMC - Privilege Escalation
CVSS 9.8
CVE-2025-0331 MEDIUM
YunzMall <2.4.2 - Info Disclosure
CVSS 5.3
CVE-2024-32642 HIGH
Masacms < 7.2.8 - Origin Validation Error
CVSS 8.8
CVE-2024-43190 MEDIUM
IBM Engineering Requirements Management DOORS 9.7.2.9 - Info Disclo...
CVSS 5.9
CVE-2024-12295 HIGH
BoomBox Theme Extensions <1.8.0 - Privilege Escalation
CVSS 8.8
CVE-2024-12604 MEDIUM
Tap&Sign App <V.1.025 - Info Disclosure
CVSS 6.5
CVE-2024-11350 CRITICAL
AdForest <5.1.6 - Privilege Escalation
CVSS 9.8
CVE-2024-53552 CRITICAL
Crushftp < 10.8.3 - Password Reset Weakness
CVSS 9.8
CVE-2024-47547 CRITICAL
Ruijie Reyee OS <2.320.x - Info Disclosure
CVSS 9.4
CVE-2024-11103 CRITICAL
Contest-gallery Contest Gallery < 24.0.8 - Password Reset Weakness
CVSS 9.8
CVE-2024-45670 MEDIUM
IBM Soar < 51.0.2.0 - Password Reset Weakness
CVSS 5.6