CWE-640

Exploit likelihood: High

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE-2023-3007 MEDIUM
Ningzichun Student Management System 1.0 - Weak Password Recovery
CVSS 6.5
CVE-2023-31459 HIGH
Mitel MiVoice Connect <9.6.2208.101 - Privilege Escalation
CVSS 8.8
CVE-2023-28821 MEDIUM
Concrete CMS <9.1 - Info Disclosure
CVSS 5.3
CVE-2023-30466 CRITICAL
Milesight Ms-n5008-uc Firmware - Password Reset Weakness
CVSS 9.8
CVE-2023-31287 HIGH
Serenity Serene <6.7.0 - Info Disclosure
CVSS 7.8
CVE-2022-50910 CRITICAL
Beehive Forum 1.5.2 - Host Header Injection
CVSS 9.8
CVE-2022-42807 MEDIUM
Apple macOS < 13.0 - Password Reset Weakness
CVSS 4.3
CVE-2022-45637 CRITICAL
Megafeis Bofei Dbd+ - Password Reset Weakness
CVSS 9.8
CVE-2022-47697 CRITICAL
Comfast Cf-wr623n Firmware < 2.3.0.1 - Password Reset Weakness
CVSS 9.8
CVE-2022-26872 HIGH
AMI Megarac - Privilege Escalation
CVSS 8.3
CVE-2022-25027 HIGH
Rocketsoftware Trufusion Enterprise < 7.9.5.1 - Authentication Bypass
CVSS 7.5
CVE-2022-47377 CRITICAL
SICK SIM2000ST <1.13.4 - Privilege Escalation
CVSS 9.8
CVE-2022-3485 CRITICAL
IFM Moneo Qha210 Firmware < 1.9.3 - Password Reset Weakness
CVSS 9.8
CVE-2022-44004 CRITICAL
BACKCLICK Professional <5.9.63 - Auth Bypass
CVSS 9.8
CVE-2022-37300 CRITICAL
Schneider-electric Ecostruxure Contro... - Password Reset Weakness
CVSS 9.8
CVE-2022-34530 MEDIUM
Backdropcms Backdrop Cms < 1.22.0 - Password Reset Weakness
CVSS 5.3
CVE-2022-23172 MEDIUM
Priority < 22.0 - Password Reset Weakness
CVSS 5.5
CVE-2022-29174 HIGH
Countly Server <22.03.7, <21.11.4 - Info Disclosure
CVSS 8.1
CVE-2022-29933 HIGH
Craftcms Craft Cms < 3.7.36 - Password Reset Weakness
CVSS 8.8
CVE-2022-24892 MEDIUM
Shopware < 5.7.9 - Password Reset Weakness
CVSS 6.4
CVE-2022-27157 CRITICAL
PHP Pearweb < 1.32.0 - Password Reset Weakness
CVSS 9.8
CVE-2022-1073 HIGH
Automatic Question Paper Generator System - Password Reset Weakness
CVSS 7.3
CVE-2022-0777 HIGH
microweber/microweber <1.3 - Info Disclosure
CVSS 7.5
CVE-2022-23619 MEDIUM
Xwiki < 12.10.9 - Information Disclosure
CVSS 5.3
CVE-2022-23855 CRITICAL
Saviynt EIC <5.5 SP2.x - Auth Bypass
CVSS 9.8