VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base
Status: Incomplete
Likelihood: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-50

CVEs mapped to this weakness (136)

page 4 of 7
  • CVE-2016-8716 (High, Apr 12, 2017)
    risk 0.49, CVSS 7.5, EPSS 0.01

    An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker…

  • CVE-2016-2349 (High, Dec 21, 2016)
    risk 0.49, CVSS 7.5, EPSS 0.01

    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

  • CVE-2016-5996 (High, Sep 26, 2016)
    risk 0.49, CVSS 7.5, EPSS 0.01

    The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length…

  • CVE-2016-7038 (High, Jan 20, 2017)
    risk 0.48, CVSS 7.3, EPSS 0.01

    In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

  • CVE-2026-35676 (High, May 28, 2026)
    risk 0.46, CVSS 8.2, EPSS 0.00

    phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password…

  • CVE-2026-35675 (High, May 28, 2026)
    risk 0.46, CVSS 8.2, EPSS 0.00

    phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain…

  • CVE-2026-42606 (High, May 9, 2026)
    risk 0.46, CVSS 8.1, EPSS 0.00

    AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password…

  • CVE-2026-29199 (High, May 4, 2026)
    risk 0.46, CVSS 8.1, EPSS 0.00

    phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host header, which is used to generate the password reset link URL. An attacker who…

  • CVE-2026-30459 (High, Apr 16, 2026)
    risk 0.46, CVSS 7.1, EPSS 0.00

    An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

  • CVE-2026-28681 (High, Mar 6, 2026)
    risk 0.46, CVSS 8.1, EPSS 0.00

    Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or…

  • CVE-2025-61977 (High, Oct 23, 2025)
    risk 0.46, CVSS 7.0, EPSS 0.00

    A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

  • CVE-2024-6125 (High, Jun 19, 2024)
    risk 0.46, CVSS 8.1, EPSS 0.00

    The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it…

  • CVE-2023-4214 (High, Nov 18, 2023)
    risk 0.46, CVSS 8.1, EPSS 0.01

    The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.

  • CVE-2014-6412 (High, Apr 12, 2018)
    risk 0.46, CVSS 8.1, EPSS 0.05

    WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

  • CVE-2017-5594 (High, Jan 25, 2017)
    risk 0.45, CVSS 7.5, EPSS 0.07

    An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

  • CVE-2017-2614 (Medium, Jul 27, 2018)
    risk 0.44, CVSS 6.8, EPSS 0.00

    When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining…

  • CVE-2026-7459 (High, May 30, 2026)
    risk 0.42, CVSS 7.5, EPSS 0.01

    The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints…

  • CVE-2024-12604 (Medium, Mar 10, 2025)
    risk 0.42, CVSS 6.5, EPSS 0.00

    Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App:…

  • CVE-2017-1000141 (Medium, Jan 30, 2018)
    risk 0.42, CVSS 6.5, EPSS 0.01

    An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their…

  • CVE-2016-5997 (Medium, Sep 26, 2016)
    risk 0.42, CVSS 6.5, EPSS 0.01

    The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality…