CWE-620
Unverified Password Change
Description
When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (46)
page 3 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51493 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to… |
| CVE-2024-2213 | | | 0.00 | — | 0.00 | | Jun 6, 2024 | An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for… |
| CVE-2024-34077 | | | 0.00 | — | 0.01 | | May 13, 2024 | MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit… |
| CVE-2024-23637 | | | 0.00 | — | 0.01 | | Jan 31, 2024 | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who… |
| CVE-2023-5844 | | | 0.00 | — | 0.01 | | Oct 30, 2023 | Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. |
| CVE-2022-2930 | | | 0.00 | — | 0.00 | | Aug 22, 2022 | Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. |