CWE-640
Weak Password Recovery Mechanism for Forgotten Password
Description
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-50
CVEs mapped to this weakness (136)
(page 7 of 7)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29933 | | | 0.00 | — | 0.04 | | May 9, 2022 | Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically,… |
| CVE-2022-24892 | | | 0.00 | — | 0.01 | | Apr 28, 2022 | Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's… |
| CVE-2022-0777 | | | 0.00 | — | 0.01 | | Mar 1, 2022 | Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-23619 | | | 0.00 | — | 0.01 | | Feb 9, 2022 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This… |
| CVE-2022-22691 | | | 0.00 | — | 0.01 | | Jan 18, 2022 | The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the… |
| CVE-2021-25957 | | | 0.00 | — | 0.01 | | Aug 17, 2021 | In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for… |
| CVE-2021-36804 | | | 0.00 | — | 0.01 | | Aug 4, 2021 | Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of… |
| CVE-2021-33321 | — | | 0.00 | — | 0.01 | | Aug 3, 2021 | Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true. |
| CVE-2021-28128 | — | | 0.00 | — | 0.01 | | May 6, 2021 | In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password. |
| CVE-2021-30185 | — | | 0.00 | — | 0.01 | | Apr 7, 2021 | CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. |
| CVE-2017-18908 | — | | 0.00 | — | 0.01 | | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. |
| CVE-2019-19844 | — | | 0.00 | — | 0.35 | | Dec 18, 2019 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token… |
| CVE-2019-15929 | — | | 0.00 | — | 0.02 | | Oct 24, 2019 | In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. |
| CVE-2019-10641 | | | 0.00 | — | 0.01 | | Apr 17, 2019 | Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. |
| CVE-2018-1000501 | | Critical | 0.00 | 9.8 | 0.02 | | Jun 26, 2018 | Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in… |
| CVE-2017-12161 | — | High | 0.00 | 8.8 | 0.01 | | Feb 21, 2018 | It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information… |