VYPR

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base
Status: Incomplete
Likelihood of exploit: High

Description

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-50: Password Recovery Exploitation

CVEs mapped to this weakness (136 in total; page 6 of 7 shown below)
  • CVE-2024-9907 (severity: Low; published: Oct 13, 2024)
    risk 0.24 | CVSS 3.7 | EPSS 0.00

    A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack…

  • CVE-2026-4136 (severity: Medium; published: Mar 20, 2026)
    risk 0.21 | CVSS 4.3 | EPSS 0.00

    The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for…

  • CVE-2025-14783 (severity: Medium; published: Dec 31, 2025)
    risk 0.21 | CVSS 4.3 | EPSS 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated…

  • CVE-2026-2543 (severity: Low; published: Feb 16, 2026)
    risk 0.18 | CVSS 2.7 | EPSS 0.00

    A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be…

  • CVE-2025-7881 (severity: Low; published: Jul 20, 2025)
    risk 0.18 | CVSS 2.7 | EPSS 0.00

    A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be…

  • CVE-2015-3189 (severity: Low; published: May 25, 2017)
    risk 0.17 | CVSS 3.7 | EPSS 0.01

    With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This…

  • CVE-2019-18818 (published: Nov 7, 2019)
    risk 0.11 | CVSS n/a | EPSS 0.98

    strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

  • CVE-2026-28268 (published: Feb 27, 2026)
    risk 0.00 | CVSS n/a | EPSS 0.01

    Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens…

  • CVE-2026-27593 (published: Feb 24, 2026)
    risk 0.00 | CVSS n/a | EPSS 0.00

    Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email…

  • CVE-2026-26273 (published: Feb 13, 2026)
    risk 0.00 | CVSS n/a | EPSS 0.01

    Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated…

  • CVE-2025-64113 (published: Dec 9, 2025)
    risk 0.00 | CVSS n/a | EPSS 0.01

    Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled…

  • CVE-2025-64101 (published: Oct 29, 2025)
    risk 0.00 | CVSS n/a | EPSS 0.00

    Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the…

  • CVE-2024-50356 (severity: None; published: Oct 31, 2024)
    risk 0.00 | CVSS 0.0 | EPSS 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA. Even though they wouldn't be able to login by…

  • CVE-2024-1722 (published: Feb 27, 2024)
    risk 0.00 | CVSS n/a | EPSS 0.01

    A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

  • CVE-2021-29038 (published: Feb 20, 2024)
    risk 0.00 | CVSS n/a | EPSS 0.00

    Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions do not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder…

  • CVE-2023-50172 (published: Jan 10, 2024)
    risk 0.00 | CVSS n/a | EPSS 0.01

    A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

  • CVE-2023-49097 (published: Nov 30, 2023)
    risk 0.00 | CVSS n/a | EPSS 0.01

    ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the…

  • CVE-2023-44399 (published: Oct 10, 2023)
    risk 0.00 | CVSS n/a | EPSS 0.01

    ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this setting was properly working during the…

  • CVE-2023-28821 (published: Apr 28, 2023)
    risk 0.00 | CVSS n/a | EPSS 0.01

    Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

  • CVE-2023-31287 (published: Apr 27, 2023)
    risk 0.00 | CVSS n/a | EPSS 0.00

    An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the…
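The entries on this page keep returning to the same handful of implementation mistakes: reset tokens that stay valid after use (the Vikunja and Serenity entries), tokens that survive a change of e-mail address (the Cloud Foundry UAA entry), the token echoed into the reset page itself (the Known entry), the reset link built from a client-supplied Host or X-Forwarded-Host header (the two ZITADEL entries), and no rate limit on reset requests (the Concrete CMS entry). The Python below is an added illustration for this page, not code from any of those projects: a deliberately weak reset service that reproduces the token-reuse flaw, beside a hardened one that stores only a hash of the token, expires it, makes it single-use, binds it to the account's credential version so an e-mail or password change voids it, caps requests per account, and builds links from a configured base URL. The class and function names, the in-memory stores and the policy numbers (15-minute lifetime, three requests per hour) are assumptions chosen for the example.

```python
"""Password-reset token handling: a weak service beside a hardened one.
Added illustration of CWE-640; not code from any project in the list above.
Names, the in-memory stores and the policy numbers are assumptions."""
import hashlib
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL = 15 * 60          # seconds a reset link stays valid (assumed policy)
MAX_REQUESTS_PER_HOUR = 3    # per-account cap on reset requests (assumed policy)

def hash_password(password: str) -> str:
    """Salted PBKDF2, stored as 'salt$hash'."""
    salt = secrets.token_bytes(16)
    return salt.hex() + "$" + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()

def _hash_token(token: str) -> str:
    # Only the hash is stored, so a leaked table or a token echoed into a page
    # (cf. the Known entry above) does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

@dataclass
class User:
    email: str
    password_hash: str = ""
    credential_version: int = 0   # bumped on every e-mail or password change

@dataclass
class ResetRecord:
    user_email: str
    token_hash: str
    credential_version: int       # account version at issue time
    expires_at: float
    used: bool = False

class WeakResetService:
    """The pattern behind several CVEs above: plaintext token, no expiry,
    reusable after a successful reset, not tied to the account's state."""

    def __init__(self):
        self.users = {}
        self.tokens = {}   # token -> e-mail

    def request_reset(self, email: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = email
        return token

    def reset(self, token: str, new_password: str) -> bool:
        email = self.tokens.get(token)
        if email is None:
            return False
        self.users[email].password_hash = hash_password(new_password)
        return True   # token is never removed: reusable (cf. the Vikunja and Serenity entries)

class HardenedResetService:
    def __init__(self, public_base_url: str, now=time.time):
        # Link base comes from configuration, never from Host/X-Forwarded-Host
        # (cf. the ZITADEL entries above). `now` is injectable for testing expiry.
        self.public_base_url = public_base_url.rstrip("/")
        self.now = now
        self.users = {}
        self.records = {}    # token hash -> ResetRecord
        self.requests = {}   # e-mail -> request timestamps

    def request_reset(self, email: str):
        """Returns the link to e-mail, or None. The HTTP layer must answer the
        same way in both cases so the endpoint cannot be used to enumerate accounts."""
        recent = [t for t in self.requests.get(email, []) if t > self.now() - 3600]
        if len(recent) >= MAX_REQUESTS_PER_HOUR:      # cf. the Concrete CMS entry
            return None
        recent.append(self.now())
        self.requests[email] = recent
        user = self.users.get(email)
        if user is None:
            return None
        token = secrets.token_urlsafe(32)              # 256 bits of entropy
        rec = ResetRecord(email, _hash_token(token), user.credential_version, self.now() + TOKEN_TTL)
        self.records[rec.token_hash] = rec
        return f"{self.public_base_url}/reset?token={token}"

    def consume(self, token: str, new_password: str) -> bool:
        rec = self.records.get(_hash_token(token))
        if rec is None or rec.used or self.now() > rec.expires_at:
            return False
        user = self.users.get(rec.user_email)
        # Issued before the e-mail or password last changed: dead (cf. the Cloud Foundry entry).
        if user is None or user.credential_version != rec.credential_version:
            return False
        rec.used = True                                 # single use
        user.password_hash = hash_password(new_password)
        user.credential_version += 1                    # voids every other outstanding token
        return True

    def change_email(self, old: str, new: str) -> None:
        user = self.users.pop(old)
        user.email = new
        user.credential_version += 1   # links already sent to the old address stop working
        self.users[new] = user
```

Two things the block deliberately leaves to the surrounding application: the HTTP handler must return the same status and body whether or not the address exists, and the e-mail must carry only the link, never the token in any other form. Flows that use a short numeric verification code instead of a link (the Mercusys and QileCMS entries) need, in addition, a per-code attempt counter, because a 4- to 6-digit code cannot rely on entropy the way a 256-bit token does.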