CWE-640 - Weak password recovery mechanism


The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

A remote attacker can use this functionality to bypass authentication process and gain unauthorized access to the application.

Latest vulnerabilities for CWE-640


Description of CWE-640 on Mitre website