VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base
Status: Incomplete
Likelihood of exploit: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-50 (Password Recovery Exploitation)

CVEs mapped to this weakness (136)

page 3 of 7
  • CVE-2026-2564 · High · Feb 16, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this…

  • CVE-2025-8855 · High · Nov 14, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate…

  • CVE-2025-41251 · High · Sep 29, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack…

  • CVE-2023-7264 · High · Jun 11, 2024
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit…

  • CVE-2018-12579 · High · Aug 20, 2018
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x…

  • CVE-2017-0921 · High · Jul 3, 2018
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

  • CVE-2017-8613 · High · Jun 29, 2017
    risk 0.53 · CVSS 8.1 · EPSS 0.04

    Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."

  • CVE-2026-24467 · Critical · Apr 20, 2026
    risk 0.52 · CVSS 9.0 · EPSS 0.01

    OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that…

  • CVE-2026-34751 · Critical · Apr 1, 2026
    risk 0.52 · CVSS 9.1 · EPSS 0.00

    Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password…

  • CVE-2024-42915 · High · Aug 23, 2024
    risk 0.52 · CVSS 8.0 · EPSS 0.00

    A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.

  • CVE-2015-7257 · High · Aug 24, 2017
    risk 0.52 · CVSS 7.5 · EPSS 0.07

    ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

  • CVE-2025-53373 · High · Jul 7, 2025
    risk 0.51 · CVSS not listed · EPSS 0.00

    Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.

  • CVE-2017-8916 · High · Jan 31, 2018
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

  • CVE-2026-50635 · High · Jun 9, 2026
    risk 0.50 · CVSS 8.8 · EPSS 0.00

    LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default (and documented) configuration, so LSHttpRequest::checkIsAllowedHost()…

  • CVE-2023-53958 · High · Dec 19, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling…

  • CVE-2025-53704 · High · Dec 4, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.

  • CVE-2024-33530 · High · May 2, 2024
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.

  • CVE-2017-7629 · High · Jun 15, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.

  • CVE-2017-9543 · High · Jun 12, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.

  • CVE-2017-7731 · High · May 27, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
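Several entries on this page (CVE-2024-42915, CVE-2025-53373, CVE-2023-53958, CVE-2026-50635) share one root cause: the password-reset link is built from the client-supplied Host header, so whoever triggers the reset chooses the domain the victim's token is sent to. The following is an added illustration of that pattern beside its fix; it is not code from any of the listed products. The header dicts, the allowlist `ALLOWED_HOSTS` and the configured origin `CANONICAL_ORIGIN` are constructed placeholders.

```python
"""Password-reset link construction: Host header trusted vs. allowlisted.

Added illustration only; not code from any project on this page. The
header dicts, the allowlist and the canonical origin are placeholders."""
from urllib.parse import urlencode

ALLOWED_HOSTS = {"app.example.org"}            # placeholder allowlist (exact match)
CANONICAL_ORIGIN = "https://app.example.org"   # placeholder configured origin


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Weak pattern: the link's authority is copied from the client-supplied
    Host (or X-Forwarded-Host) header. An attacker who submits the victim's
    address on the forgot-password form with a spoofed header gets a link
    that delivers the victim's fresh token to the attacker's server."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset?{urlencode({'token': token})}"


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: the Host header is checked against an explicit
    allowlist and the request is refused on mismatch. The link itself is
    built from the configured origin, never from the request; any
    X-Forwarded-Host value is ignored outright (a trusted proxy should
    rewrite Host instead of relying on the application to trust it)."""
    host = headers.get("Host", "").strip().lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def demo() -> dict:
    """Constructed requests: a spoofed proxy header and a directly spoofed Host."""
    token = "t0k3n"   # placeholder; a real token comes from a CSPRNG
    spoofed = {"Host": "app.example.org", "X-Forwarded-Host": "attacker.example"}
    direct = {"Host": "attacker.example"}
    out = {
        "vulnerable_spoofed": build_reset_link_vulnerable(spoofed, token),
        "hardened_spoofed": build_reset_link_hardened(spoofed, token),
    }
    try:
        build_reset_link_hardened(direct, token)
        out["hardened_direct"] = "accepted"
    except ValueError:
        out["hardened_direct"] = "rejected"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The LimeSurvey entry shows the operational trap with this fix: an allowlist that is optional and empty by default is no allowlist at all. The hardened function above fails closed, so a deployment that forgets to configure `ALLOWED_HOSTS` breaks the reset flow rather than silently accepting any Host.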
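The remaining entries describe token-handling failures rather than link construction: a code short enough to enumerate (CVE-2023-7264's 4-digit value), a reset endpoint whose replies reveal whether an account exists (CVE-2025-41251), and resets that act on an account other than the requester's (CVE-2015-7257, CVE-2017-8916). The block below is an added illustration of a reset-token store that closes those gaps, together with the attacker loop that a short numeric code invites; it is not any listed product's code. The user names, the `outbox` stand-in for e-mail delivery, the injectable clock and the 15-minute TTL are assumptions.

```python
"""Password-reset token handling: CSPRNG token, hashed at rest, bound to one
user, expiring, single-use, constant-time compare, uniform reply, and an
optional failure lockout. Added illustration only; users, outbox, clock
and TTL are constructed stand-ins."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional

TOKEN_TTL_SECONDS = 15 * 60   # assumption: 15-minute validity
UNIFORM_REPLY = "If that account exists, a reset message has been sent."


class ResetService:
    def __init__(self, users, token_digits: Optional[int] = None,
                 max_attempts: Optional[int] = None,
                 now: Callable[[], float] = time.time):
        # token_digits=None issues a 256-bit random token; an int issues a
        # short numeric code purely so the brute force below can be shown.
        self.users = set(users)
        self.token_digits = token_digits
        self.max_attempts = max_attempts
        self.now = now
        self._pending = {}   # user -> [sha256(token), expires_at, failures]
        self.outbox = []     # (user, token): stand-in for the e-mail channel

    def _new_token(self) -> str:
        if self.token_digits is None:
            return secrets.token_urlsafe(32)
        return f"{secrets.randbelow(10 ** self.token_digits):0{self.token_digits}d}"

    @staticmethod
    def _digest(token: str) -> str:
        # Only a hash is stored, so a leaked table row is not a usable token.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, user: str) -> str:
        token = self._new_token()   # generated either way, so the work is uniform
        if user in self.users:
            self._pending[user] = [self._digest(token), self.now() + TOKEN_TTL_SECONDS, 0]
            self.outbox.append((user, token))
        return UNIFORM_REPLY        # same text whether or not the account exists

    def redeem(self, user: str, token: str) -> bool:
        # The user is the identity the token was issued for (taken from the
        # server-side record, never from a client-supplied "username" field).
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, failures = entry
        if self.now() > expires_at:
            del self._pending[user]
            return False
        if not hmac.compare_digest(digest, self._digest(token)):
            entry[2] = failures + 1
            if self.max_attempts is not None and entry[2] >= self.max_attempts:
                del self._pending[user]   # lock out: a fresh request is required
            return False
        del self._pending[user]           # single use
        return True


def brute_force_numeric(service: ResetService, user: str, digits: int) -> Optional[int]:
    """Attacker loop against a short numeric code: returns the number of
    guesses needed, or None if no guess was ever accepted."""
    for n in range(10 ** digits):
        if service.redeem(user, f"{n:0{digits}d}"):
            return n + 1
    return None


if __name__ == "__main__":
    weak = ResetService(["alice"], token_digits=4)
    weak.request_reset("alice")
    print("4-digit code, no lockout: guessed after", brute_force_numeric(weak, "alice", 4), "tries")
    strong = ResetService(["alice"])
    strong.request_reset("alice")
    print("256-bit token, 1000 numeric guesses:", brute_force_numeric(strong, "alice", 3))
```

With a 4-digit code and no attempt limit the loop always succeeds in at most 10,000 requests, which is the CVE-2023-7264 scenario; a lockout alone only narrows the window, so the real fix is the long random token, with the lockout and TTL as defence in depth. Binding the pending record to the user it was issued for is what prevents the CVE-2015-7257 style swap of a username parameter in the change request.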