CWE-640 - Weak password recovery mechanism
Description
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
A remote attacker can use this functionality to bypass the authentication process and gain unauthorized access to the application.
Latest vulnerabilities for CWE-640
Multiple vulnerabilities in Zoho ManageEngine OpManager | 2022-01-31 | Medium | Yes
Multiple vulnerabilities in Team Password Manager | 2021-11-26 | Medium | Yes
Multiple vulnerabilities in October CMS | 2021-08-26 | High | Yes
Multiple vulnerabilities in TerraMaster TOS | 2020-12-24 | High | No
Multiple vulnerabilities in Naviwebs Navigate CMS | 2020-06-19 | Medium | No
Multiple vulnerabilities in WordPress | 2020-04-29 | High | Yes
Authentication bypass in Fortinet FortiMail and FortiVoice Enterprise | 2020-04-27 | High | Yes
Weak password recovery mechanism for forgotten password in Strapi | 2019-11-15 | High | Yes
Weak Password Recovery Mechanism for Forgotten Password in glpi-project GLPI | 2019-07-10 | Medium | Yes
Multiple vulnerabilities in GitLab, Gitlab Community Edition | 2018-07-03 | High | Yes
References
Description of CWE-640 on Mitre website