VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base | Status: Incomplete | Likelihood: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-50

CVEs mapped to this weakness (136)

page 5 of 7
  • CVE-2026-40585 | High | Apr 21, 2026
    risk 0.41 | cvss 7.4 | epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp. However, the token redemption function findUserIDFromEmailAndToken() queries…

  • CVE-2018-8916 | Medium | Jun 8, 2018
    risk 0.41 | cvss 6.3 | epss 0.01

    Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

  • CVE-2026-12066 | High | Jun 12, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in…

  • CVE-2025-55030 | Medium | Aug 19, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.

  • CVE-2026-7554 | Medium | May 1, 2026
    risk 0.36 | cvss 5.6 | epss 0.01

    A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the…

  • CVE-2017-8295 | Medium | May 4, 2017
    risk 0.36 | cvss 5.9 | epss 0.27

    WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be…

  • CVE-2026-22723 | Medium | Mar 5, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

  • CVE-2018-10210 | Medium | Apr 25, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.

  • CVE-2026-9466 | Medium | May 25, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can…

  • CVE-2026-36438 | Medium | May 18, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd.

  • CVE-2025-14696 | Medium | Dec 15, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The…

  • CVE-2025-0331 | Medium | Jan 9, 2025
    risk 0.34 | cvss 5.3 | epss 0.01

    A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd…

  • CVE-2025-36579 | Medium | Apr 16, 2026
    risk 0.33 | cvss 5.1 | epss 0.00

    Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

  • CVE-2026-9609 | Medium | May 27, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was…

  • CVE-2025-7948 | Medium | Jul 22, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has…

  • CVE-2017-8385 | Medium | May 1, 2017
    risk 0.28 | cvss 5.3 | epss 0.01

    Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

  • CVE-2026-7652 | Medium | May 9, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the save_connected_wordpress_user() function propagating a LatePoint…

  • CVE-2026-10169 | Low | May 31, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot…

  • CVE-2026-2895 | Low | Feb 21, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of…

  • CVE-2025-15398 | Low | Dec 31, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed…