CWE-640 - Weak password recovery mechanism

Description

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

A remote attacker can use this functionality to bypass authentication process and gain unauthorized access to the application.

Weak password recovery mechanism in ServiceNow Utah 2023-08-11
High Yes

Multiple vulnerabilities in Weintek Weincloud 2023-07-19
Medium Yes

Multiple vulnerabilities in Akuvox E11 2023-03-13
High No

Multiple vulnerabilities in Zoho ManageEngine OpManager 2022-01-31
Medium Yes

Multiple vulnerabilities in Team Password Manager 2021-11-26
Medium Yes

Multiple vulnerabilities in October CMS 2021-08-26
High Yes

Multiple vulnerabilities in TerraMaster TOS 2020-12-24
High No

Multiple vulnerabilities in Naviwebs Navigate CMS 2020-06-19
Medium No

Multiple vulnerabilities in WordPress 2020-04-29
High Yes

Authentication bypass in Fortinet FortiMail and FortiVoice Entreprise 2020-04-27
High Yes