CWE-640

High likelihood

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE-2020-37172 MEDIUM
AVideo Platform 8.1 - CSRF
CVSS 5.3
CVE-2020-37158 MEDIUM
AVideo Platform 8.1 - CSRF
CVSS 5.3
CVE-2020-12067 HIGH
Pilz Pmc < 3.5.17 - Password Reset Weakness
CVSS 7.5
CVE-2020-5361 MEDIUM
Dell CPG BIOS - Password Reset Weakness
CVSS 5.1
CVE-2020-28186 HIGH
TerraMaster TOS < 4.2.06 - Password Reset Weakness
CVSS 7.3
CVE-2020-27408 HIGH
OpenSIS CE <7.6 - Info Disclosure
CVSS 7.5
CVE-2020-27179 CRITICAL
konzept-ix publiXone <2020.015 - Privilege Escalation
CVSS 9.8
CVE-2020-25728 HIGH
Alfresco Reset Password < 1.2.0 - Password Reset Weakness
CVSS 8.8
CVE-2020-25105 CRITICAL
Eramba - Password Reset Weakness
CVSS 9.8
CVE-2020-14016 MEDIUM
Naviwebs Navigate CMS - Password Reset Weakness
CVSS 5.3
CVE-2020-14015 HIGH
Naviwebs Navigate CMS - Password Reset Weakness
CVSS 7.5
CVE-2020-11027 MEDIUM
WordPress <5.4.1 - Info Disclosure
CVSS 6.1
CVE-2020-7245 CRITICAL
CTFd < 2.2.2 - Password Reset Weakness
CVSS 9.8
CVE-2019-6560 CRITICAL
Auto-maskin Rp210e Firmware < 3.7 - Password Reset Weakness
CVSS 9.1
CVE-2019-20004 HIGH
Intelbras Iwr 3000n Firmware - Password Reset Weakness
CVSS 8.8
CVE-2019-19844 CRITICAL
Django < 1.11.27 - Password Reset Weakness
CVSS 9.8
CVE-2019-17392 CRITICAL
Progress Sitefinity < 9.1.6185 - Password Reset Weakness
CVSS 9.8
CVE-2019-18818 CRITICAL
Strapi CMS Unauthenticated Password Reset
CVSS 9.8
CVE-2019-15929 CRITICAL
Craft CMS <3.1.7 - Info Disclosure
CVSS 9.8
CVE-2019-15749 MEDIUM
Sitos Six - Password Reset Weakness
CVSS 6.5
CVE-2019-14955 MEDIUM
JetBrains Hub < 2018.4.11436 - Password Reset Weakness
CVSS 5.3
CVE-2019-12943 HIGH
Ttlock - Password Reset Weakness
CVSS 8.1
CVE-2019-13240 MEDIUM
GLPI < 9.4.1 - Password Reset Weakness
CVSS 5.9
CVE-2019-10270 HIGH
Ultimatemember Ultimate Member < 2.0.40 - Password Reset Weakness
CVSS 8.8
CVE-2019-3787 HIGH
Cloud Foundry UAA <73.0.0 - Info Disclosure
CVSS 8.3