VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base · Status: Incomplete · Likelihood: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-50

CVEs mapped to this weakness (136)

page 1 of 7
  • CVE-2017-17097 · Critical · Jan 2, 2018
    risk 0.67 · CVSS 9.8 · EPSS 0.07

    gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to…

  • CVE-2017-7615 · High · Apr 16, 2017
    risk 0.67 · CVSS 8.8 · EPSS 0.91

    MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

  • CVE-2025-4320 · Critical · Jan 23, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.00

    Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through…

  • CVE-2025-12866 · Critical · Nov 10, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.

  • CVE-2025-10127 · Critical · Sep 11, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.

  • CVE-2025-32486 · Critical · Sep 9, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard. This issue affects Material Dashboard: from n/a through <= 1.4.6.

  • CVE-2025-50594 · Critical · Aug 13, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.

  • CVE-2025-43932 · Critical · Jul 7, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

  • CVE-2025-43931 · Critical · Jul 7, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

  • CVE-2025-47646 · Critical · May 23, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.22

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.

  • CVE-2025-31380 · Critical · Apr 17, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.11.

  • CVE-2024-5404 · Critical · Jun 3, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.

  • CVE-2021-22763 · Critical · Jun 11, 2021
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to…

  • CVE-2018-16988 · Critical · May 2, 2019
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the…

  • CVE-2018-17881 · Critical · Oct 3, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.

  • CVE-2018-17298 · Critical · Sep 21, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

  • CVE-2018-1000554 · Critical · Jun 26, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Trovebox version <= 4.0.0-rc6 contains an unsafe password reset token generation vulnerability in the user component that can result in a password reset. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed.

  • CVE-2018-12421 · Critical · Jun 14, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

  • CVE-2018-10081 · Critical · Apr 13, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.

  • CVE-2015-4689 · Critical · Sep 11, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."