CWE-640

Exploit likelihood: High

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

272 vulnerabilities with CWE-640
CVE             Severity  CVSS  Title
CVE-2023-46138  LOW       3.7   JumpServer <3.8.0 - Info Disclosure
CVE-2023-5840   HIGH      8.8   linkstack < 4.2.9 - Weak Password Recovery Mechanism
CVE-2023-44399  MEDIUM    5.3   ZITADEL < 2.37.3 - Username Enumeration via Password Reset Flow
CVE-2023-5296   MEDIUM    4.3   rockoa 1.1/2.3.2/15.X3amdi - Weak Password Recovery Mechanism in Password Handler
CVE-2023-43650  HIGH      8.2   fit2cloud jumpserver 2.0.0-2.28.20 - Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-4096   HIGH      8.6   Fujitsu Arconte Áurea 1.5.0.0 - Auth Bypass
CVE-2023-34357  HIGH      7.8   Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism via Persistent Reset Link
CVE-2023-3222   HIGH      7.5   Password Recovery plugin for Roundcube 1.2 - Weak Password Recovery Mechanism via Unlimited Token Guessing
CVE-2023-4448   MEDIUM    6.3   OpenRapid RapidCMS 1.3.1 - Weak Password Recovery Mechanism in admin/run-movepass.php
CVE-2023-35134  HIGH      7.4   Weintek Weincloud v0.13.6 - Weak Password Recovery Mechanism via JWT Token
CVE-2023-29145  HIGH      7.8   Malwarebytes Endpoint Detection and Response < 1.0.11 - Unauthenticated Arbitrary Code Execution
CVE-2023-36487  CRITICAL  9.8   ILIAS 7.0-7.20 and 8.0-8.1 - Weak Password Recovery Mechanism
CVE-2023-26615  HIGH      7.5   D-Link DIR-823G <1.02B05 - Privilege Escalation
CVE-2023-28202  MEDIUM    5.5   iPadOS < 16.5 - Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-3007   MEDIUM    6.5   Ningzichun Student Management System 1.0 - Weak Password Recovery
CVE-2023-31459  HIGH      8.8   Mitel MiVoice Connect <9.6.2208.101 - Privilege Escalation
CVE-2023-28821  MEDIUM    5.3   Concrete CMS <9.1 - Info Disclosure
CVE-2023-30466  CRITICAL  9.8   Milesight 4K/H.265 Series NVR Firmware - Weak Password Recovery Mechanism
CVE-2023-31287  HIGH      7.8   Serenity Serene <6.7.0 - Info Disclosure
CVE-2022-50910  CRITICAL  9.8   Beehive Forum 1.5.2 - Host Header Injection
CVE-2022-42807  MEDIUM    4.3   macOS < 13.0 - Unintended Shared Album Participant Addition via Delete Key
CVE-2022-45637  CRITICAL  9.8   MEGAFEIS BOFEI DBD+ 1.4.4 - Weak Password Recovery Mechanism via Insecure Expiry
CVE-2022-47697  CRITICAL  9.8   COMFAST CF-WR623N Firmware < 2.3.0.1 - Unauthenticated Account Takeover via Weak Password Recovery
CVE-2022-26872  HIGH      8.3   AMI Megarac SP-X - Weak Password Recovery Mechanism via API
CVE-2022-25027  HIGH      7.5   Rocket TRUfusion Enterprise < 7.9.5.1 - Authentication Bypass via Forgotten Password Session Token Validation