VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base | Status: Incomplete | Likelihood of exploit: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children: none

Related attack patterns (CAPEC)

CAPEC-50

CVEs mapped to this weakness (136)

page 2 of 7
  • CVE-2017-7551 (Critical), Aug 16, 2017
    risk 0.64, CVSS 9.8, EPSS 0.01

    389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

  • CVE-2017-2766 (Critical), Feb 3, 2017
    risk 0.64, CVSS 9.8, EPSS 0.02

    EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious…

  • CVE-2025-69614 (Critical), Mar 10, 2026
    risk 0.61, CVSS 9.4, EPSS 0.00

    Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.

  • CVE-2025-4319 (Critical), Jan 23, 2026
    risk 0.61, CVSS 9.4, EPSS 0.00

    Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through…

  • CVE-2026-34408 (Critical), May 5, 2026
    risk 0.59, CVSS 9.1, EPSS 0.00

    An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

  • CVE-2026-25858 (Critical), Feb 7, 2026
    risk 0.59, CVSS 9.1, EPSS 0.01

    macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes…

  • CVE-2018-0787 (High), Mar 14, 2018
    risk 0.58, CVSS 8.8, EPSS 0.10

    ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

  • CVE-2025-50503 (High), Aug 20, 2025
    risk 0.57, CVSS 8.8, EPSS 0.00

    A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without…

  • CVE-2024-12295 (High), Mar 19, 2025
    risk 0.57, CVSS 8.8, EPSS 0.00

    The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the…

  • CVE-2024-45980 (High), Sep 26, 2024
    risk 0.57, CVSS 8.8, EPSS 0.00

    A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.

  • CVE-2024-27899 (High), Apr 9, 2024
    risk 0.57, CVSS 8.8, EPSS 0.00

    Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and…

  • CVE-2018-17401 (High), Sep 23, 2018
    risk 0.57, CVSS 8.8, EPSS 0.01

    The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious…

  • CVE-2018-11134 (High), May 31, 2018
    risk 0.57, CVSS 8.8, EPSS 0.03

    In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue manager that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password…

  • CVE-2015-5172 (Critical), Oct 24, 2017
    risk 0.57, CVSS 9.8, EPSS 0.01

    Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

  • CVE-2017-14005 (High), Oct 17, 2017
    risk 0.57, CVSS 8.8, EPSS 0.01

    An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's…

  • CVE-2017-12851 (High), Aug 14, 2017
    risk 0.57, CVSS 8.8, EPSS 0.01

    An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.

  • CVE-2017-12850 (High), Aug 14, 2017
    risk 0.57, CVSS 8.8, EPSS 0.01

    An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.

  • CVE-2026-33707 (Critical), Apr 10, 2026
    risk 0.54, CVSS 9.4, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token…

  • CVE-2025-29995 (High), Mar 13, 2025
    risk 0.54, CVSS not listed, EPSS 0.00

    This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through a vulnerable API endpoint, which could lead to account…

  • CVE-2026-45013 (High), Jun 12, 2026
    risk 0.53, CVSS 8.1, EPSS 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived directly from the attacker-controlled HTTP `Host` header when `apos.baseUrl` is…