CWE-640

High likelihood

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

272 vulnerabilities with CWE-640 (selection shown below)

CVE ID         | Severity       | CVSS | Title
CVE-2024-6125  | HIGH           | 8.1  | WordPress Login with phone number <1.7.34 - Info Disclosure
CVE-2024-38468 | CRITICAL       | 9.8  | Shenzhen Guoxin Synthesis <8.3.0 - Info Disclosure
CVE-2024-36407 | LOW            | 3.7  | SuiteCRM <7.14.4-8.6.1 - Info Disclosure
CVE-2024-5277  | HIGH           | 7.5  | lunary < 1.4.9 - Weak Password Recovery Mechanism via Reusable Reset Token
CVE-2024-5404  | CRITICAL       | 9.8  | ifm moneo appliance QVA200 QHA210 QHA300 and moneo for Microsoft Windows < 1.13 - Unauthenticated Admin Password Change
CVE-2024-33530 | HIGH           | 7.5  | Jitsi Meet < 9391 - Unauthenticated Meeting Password Disclosure via Lobby Invitation
CVE-2024-27899 | HIGH           | 8.8  | NetWeaver AS Java - Info Disclosure
CVE-2024-2862  | CRITICAL       | 9.1  | LG LED Assistant - Unauthenticated Password Reset
CVE-2024-2463  | HIGH           | 8.0  | CDeX < 5.71 - Weak Password Recovery Mechanism
CVE-2024-24903 | HIGH           | 8.0  | Dell Policy Manager For Secure Connect Gateway < 5.22.00.16 - Password Reset Weakness
CVE-2024-22454 | HIGH           | 8.8  | Dell PowerProtect Data Manager <19.15 - Privilege Escalation
CVE-2024-0491  | MEDIUM         | 5.3  | Huaxia ERP <3.1 - Weak Password Recovery
CVE-2024-0425  | MEDIUM         | 5.3  | ForU CMS < 2020-06-23 - Weak Password Recovery Mechanism in Admin Password Reset
CVE-2024-0186  | LOW            | 3.7  | HuiRan Host Reseller System < 2.0.0 - Weak Password Recovery via HTTP POST Request Handler
CVE-2023-53958 | HIGH           | 7.5  | LDAP Tool Box Self Service Password 1.5.2 - SSRF
CVE-2023-7264  | HIGH           | 8.1  | Build App Online <= 1.0.22 - Unauthenticated Account Takeover via Weak Password Reset Code
CVE-2023-35717 | HIGH           | 8.8  | TP-Link Tapo C210 Firmware - Authentication Bypass via Weak Password Derivation
CVE-2023-7028  | CRITICAL (KEV) | 10.0 | GitLab Password Reset Account Takeover
CVE-2023-50172 | MEDIUM         | 5.3  | WWBN AVideo - Recovery Notification Bypass via Captcha Validation
CVE-2023-49589 | HIGH           | 8.8  | WWBN AVideo - Weak Password Recovery Mechanism in userRecoverPass.php
CVE-2023-42481 | HIGH           | 8.1  | SAP Commerce Cloud HY_COM 1905-2205, COM_CLOUD 2211 - Weak Password Recovery
CVE-2023-49097 | HIGH           | 8.1  | ZITADEL 2.39.0-2.39.8 - Unauthenticated Account Takeover via Password Reset Link Manipulation
CVE-2023-4214  | HIGH           | 8.1  | AppPresser <4.2.5 - Info Disclosure
CVE-2023-5959  | MEDIUM         | 4.3  | Byzoro Smart S85F Management Platform V31R02B10-01 - Weak Password Recovery Mechanism via txt_newpwd Parameter
CVE-2023-47107 | HIGH           | 8.8  | PILOS 2.0.0-2.2.9 - Password Reset Token Disclosure via Host Header Manipulation