CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
GHSA-GFXR-MVPH-45QR
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2023-06-02 18:30Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
{
"affected": [],
"aliases": [
"CVE-2023-3069"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:13Z",
"severity": "HIGH"
},
"details": "Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.",
"id": "GHSA-gfxr-mvph-45qr",
"modified": "2023-06-02T18:30:19Z",
"published": "2023-06-02T18:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3069"
},
{
"type": "WEB",
"url": "https://github.com/tsolucio/corebos/commit/e3dabd74c68646bb54538d66411fc1e633ec454b"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/00544982-365a-476b-b5fe-42f02f11d367"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5FP-7R6F-5X9M
Vulnerability from github – Published: 2025-01-18 09:30 – Updated: 2025-01-18 09:30The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2024-13375"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-18T09:15:07Z",
"severity": "CRITICAL"
},
"details": "The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account.",
"id": "GHSA-h5fp-7r6f-5x9m",
"modified": "2025-01-18T09:30:23Z",
"published": "2025-01-18T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13375"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPP6-2PRW-CVWR
Vulnerability from github – Published: 2023-12-29 12:30 – Updated: 2024-02-29 03:32A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-4465"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T10:15:12Z",
"severity": "LOW"
},
"details": "A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.",
"id": "GHSA-hpp6-2prw-cvwr",
"modified": "2024-02-29T03:32:46Z",
"published": "2023-12-29T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4465"
},
{
"type": "WEB",
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"type": "WEB",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"type": "WEB",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip"
},
{
"type": "WEB",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249258"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249258"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HV8Q-7RJW-5H3J
Vulnerability from github – Published: 2025-04-24 09:30 – Updated: 2025-04-24 09:30The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their accounts.
{
"affected": [],
"aliases": [
"CVE-2025-3793"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T09:15:32Z",
"severity": "MODERATE"
},
"details": "The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user\u0027s identity prior to updating their password through the \u0027bp_force_password_ajax\u0027 function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their accounts.",
"id": "GHSA-hv8q-7rjw-5h3j",
"modified": "2025-04-24T09:30:35Z",
"published": "2025-04-24T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3793"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/buddy-press-force-password-change/trunk/bp-force-password-change.php#L93"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J3PG-9JG5-PJ7F
Vulnerability from github – Published: 2025-04-08 09:31 – Updated: 2025-04-08 09:31A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.
{
"affected": [],
"aliases": [
"CVE-2024-41796"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T09:15:20Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.",
"id": "GHSA-j3pg-9jg5-pj7f",
"modified": "2025-04-08T09:31:12Z",
"published": "2025-04-08T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41796"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-187636.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J3RW-H6R5-MM7X
Vulnerability from github – Published: 2026-07-10 15:31 – Updated: 2026-07-10 15:31Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover.
{
"affected": [],
"aliases": [
"CVE-2026-56305"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T15:16:42Z",
"severity": "HIGH"
},
"details": "Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover.",
"id": "GHSA-j3rw-h6r5-mm7x",
"modified": "2026-07-10T15:31:39Z",
"published": "2026-07-10T15:31:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-rjr5-qxqj-cx8g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56305"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/capgo-authentication-bypass-in-password-change-via-missing-current-password-validation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J527-V579-M98H
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2025-10-15 15:49An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "zenml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.56.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-2213"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-620"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-06T22:29:18Z",
"nvd_published_at": "2024-06-06T19:15:53Z",
"severity": "LOW"
},
"details": "An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.",
"id": "GHSA-j527-v579-m98h",
"modified": "2025-10-15T15:49:28Z",
"published": "2024-06-06T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2213"
},
{
"type": "WEB",
"url": "https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zenml-io/zenml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper authentication in zenml"
}
GHSA-JF94-MQCR-QWMX
Vulnerability from github – Published: 2025-04-24 09:30 – Updated: 2026-04-08 21:33The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2025-3603"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T09:15:31Z",
"severity": "CRITICAL"
},
"details": "The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account.",
"id": "GHSA-jf94-mqcr-qwmx",
"modified": "2026-04-08T21:33:04Z",
"published": "2025-04-24T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3603"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/flynax-bridge/trunk/request.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3306501"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa8124db-ee6a-481d-88c6-4cc84fefcf1c?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M724-88WC-FPGH
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.
{
"affected": [],
"aliases": [
"CVE-2024-9431"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:48Z",
"severity": "MODERATE"
},
"details": "In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.",
"id": "GHSA-m724-88wc-fpgh",
"modified": "2025-03-20T12:32:51Z",
"published": "2025-03-20T12:32:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9431"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MVM4-PHM8-XG5P
Vulnerability from github – Published: 2025-09-09 21:30 – Updated: 2025-09-09 21:30An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
{
"affected": [],
"aliases": [
"CVE-2025-10159"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T21:15:34Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).",
"id": "GHSA-mvm4-phm8-xg5p",
"modified": "2025-09-09T21:30:30Z",
"published": "2025-09-09T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10159"
},
{
"type": "WEB",
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.