Weak password recovery mechanism
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
A remote attacker can use this functionality to bypass authentication process and gain unauthorized access to the application.