CWE-640

High likelihood

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE-2019-12476 MEDIUM
Zohocorp ManageEngine ADSelfService Plus - Password Reset Weakness
CVSS 6.8
CVE-2019-11414 HIGH
Intelbras IWR 3000N <1.5.0 - Privilege Escalation
CVSS 8.8
CVE-2019-11393 CRITICAL
M/Monit <3.7.3 - Privilege Escalation
CVSS 9.8
CVE-2019-10641 CRITICAL
Contao CMS < 3.5.39 - Password Reset Weakness
CVSS 9.8
CVE-2018-16988 CRITICAL
Open XDMoD <7.5.0 - Auth Bypass
CVSS 9.8
CVE-2018-16529 CRITICAL
Forcepoint Email Security < 8.5.3 - Password Reset Weakness
CVSS 9.8
CVE-2018-19488 CRITICAL
WP-jobhunt <2.4 - RCE
CVSS 9.8
CVE-2018-0696 HIGH
OSSTech OpenAM < 13.0.0-120 - Password Reset Weakness
CVSS 7.5
CVE-2018-18871 CRITICAL
Gigasetpro Maxwell Basic Firmware - Password Reset Weakness
CVSS 9.8
CVE-2018-1000812 HIGH
Artica Integria IMS <5.0 MR56 Package 58 - Weak Password Recovery
CVSS 8.1
CVE-2018-12315 MEDIUM
ASUSTOR ADM <3.1.1 - Info Disclosure
CVSS 6.5
CVE-2018-7811 CRITICAL
Modicon M340-Quantum - Info Disclosure
CVSS 9.8
CVE-2018-7809 CRITICAL
Modicon M340-Quantum - Info Disclosure
CVSS 9.8
CVE-2018-17881 CRITICAL
D-Link DIR-823G - Auth Bypass
CVSS 9.8
CVE-2018-17401 HIGH
PhonePe wallet <3.3.26 - Info Disclosure
CVSS 8.8
CVE-2018-17298 CRITICAL
Enalean Tuleap <10.5 - Info Disclosure
CVSS 9.8
CVE-2018-12579 HIGH
OXID eShop <5.3.8,6.0.x<6.0.3,6.1.x<6.1.0 - Auth Bypass
CVSS 8.1
CVE-2018-1000554 CRITICAL
Trovebox <=4.0.0-rc6 - Info Disclosure
CVSS 9.8
CVE-2018-1000501 CRITICAL
Instant Update CMS <v0.3.3 - Privilege Escalation
CVSS 9.8
CVE-2018-12421 CRITICAL
LTB Self Service Password <1.3 - Auth Bypass
CVSS 9.8
CVE-2018-8916 MEDIUM
Synology DiskStation Manager < 6.2-23739 - Password Reset Weakness
CVSS 6.3
CVE-2018-11134 HIGH
Quest KACE System Management Appliance - Password Reset Weakness
CVSS 8.8
CVE-2018-10210 MEDIUM
Vaultize Enterprise File Sharing <17.05.31 - Info Disclosure
CVSS 5.3
CVE-2018-10081 CRITICAL
CMSMS <2.2.6 - Info Disclosure
CVSS 9.8
CVE-2018-0787 HIGH
Microsoft ASP.NET Core < 2.0.2 - Password Reset Weakness
CVSS 8.8