CWE-640 - Weak password recovery mechanism
Description
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
A remote attacker can use this functionality to bypass the authentication process and gain unauthorized access to the application.
Latest vulnerabilities for CWE-640
Weak password recovery mechanism in ServiceNow Utah | 2023-08-11 | High | Yes
Multiple vulnerabilities in Weintek Weincloud | 2023-07-19 | Medium | Yes
Multiple vulnerabilities in Akuvox E11 | 2023-03-13 | High | No
Multiple vulnerabilities in Zoho ManageEngine OpManager | 2022-01-31 | Medium | Yes
Multiple vulnerabilities in Team Password Manager | 2021-11-26 | Medium | Yes
Multiple vulnerabilities in October CMS | 2021-08-26 | High | Yes
Multiple vulnerabilities in TerraMaster TOS | 2020-12-24 | High | No
Multiple vulnerabilities in Naviwebs Navigate CMS | 2020-06-19 | Medium | No
Multiple vulnerabilities in WordPress | 2020-04-29 | High | Yes
Authentication bypass in Fortinet FortiMail and FortiVoice Enterprise | 2020-04-27 | High | Yes
References
Description of CWE-640 on Mitre website