CWE-640 - Weak password recovery mechanism
Description
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
A remote attacker can use this functionality to bypass the authentication process and gain unauthorized access to the application.
Latest vulnerabilities for CWE-640
Multiple vulnerabilities in HPE Cloudline CL4150 Gen10 Server | 2025-01-06 | High | Yes
Multiple vulnerabilities in Ruijie Reyee OS | 2024-12-04 | High | Yes
Multiple vulnerabilities in GLPI | 2024-11-06 | High | Yes
Weak password recovery mechanism for forgotten password in IBM Security SOAR | 2024-10-08 | Medium | Yes
Multiple vulnerabilities in Dell PowerProtect DD2200 | 2024-06-25 | High | Yes
Weak password recovery mechanism in ServiceNow Utah | 2023-08-11 | High | Yes
Multiple vulnerabilities in Weintek Weincloud | 2023-07-19 | Medium | Yes
Multiple vulnerabilities in Akuvox E11 | 2023-03-13 | High | No
Multiple vulnerabilities in Zoho ManageEngine OpManager | 2022-01-31 | Medium | Yes
Multiple vulnerabilities in Team Password Manager | 2021-11-26 | Medium | Yes