CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
CVE-2022-2930 (GCVE-0-2022-2930)
Vulnerability from cvelistv5 – Published: 2022-08-22 11:35 – Updated: 2024-08-03 00:53- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e9… | x_refsource_CONFIRM |
| https://github.com/octoprint/octoprint/commit/145… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| octoprint | octoprint/octoprint |
Affected:
unspecified , < 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "octoprint/octoprint",
"vendor": "octoprint",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T11:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
}
],
"source": {
"advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
"discovery": "EXTERNAL"
},
"title": "Unverified Password Change in octoprint/octoprint",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2930",
"STATE": "PUBLIC",
"TITLE": "Unverified Password Change in octoprint/octoprint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octoprint/octoprint",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.8.3"
}
]
}
}
]
},
"vendor_name": "octoprint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620 Unverified Password Change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
},
{
"name": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f",
"refsource": "MISC",
"url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
}
]
},
"source": {
"advisory": "da6745e4-7bcc-4e9a-9e96-0709ec9f2477",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2930",
"datePublished": "2022-08-22T11:35:11.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:53:00.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34786 (GCVE-0-2021-34786)
Vulnerability from cvelistv5 – Published: 2021-09-09 05:01 – Updated: 2024-11-07 22:00| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco BroadWorks |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:41.207019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:06.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco BroadWorks",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:49.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
],
"source": {
"advisory": "cisco-sa-broadworks-dJ9JT67N",
"defect": [
[
"CSCvz32610",
"CSCvz32611"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34786",
"STATE": "PUBLIC",
"TITLE": "Cisco BroadWorks CommPilot Application Software Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco BroadWorks",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
]
},
"source": {
"advisory": "cisco-sa-broadworks-dJ9JT67N",
"defect": [
[
"CSCvz32610",
"CSCvz32611"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34786",
"datePublished": "2021-09-09T05:01:49.638Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-11-07T22:00:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34785 (GCVE-0-2021-34785)
Vulnerability from cvelistv5 – Published: 2021-09-09 05:01 – Updated: 2024-11-07 22:00| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco BroadWorks |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:42.672779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:12.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco BroadWorks",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:41.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
],
"source": {
"advisory": "cisco-sa-broadworks-dJ9JT67N",
"defect": [
[
"CSCvz32610",
"CSCvz32611"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34785",
"STATE": "PUBLIC",
"TITLE": "Cisco BroadWorks CommPilot Application Software Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco BroadWorks",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N"
}
]
},
"source": {
"advisory": "cisco-sa-broadworks-dJ9JT67N",
"defect": [
[
"CSCvz32610",
"CSCvz32611"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34785",
"datePublished": "2021-09-09T05:01:41.392Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-11-07T22:00:12.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22773 (GCVE-0-2021-22773)
Vulnerability from cvelistv5 – Published: 2021-07-21 10:45 – Updated: 2024-08-03 18:51- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| http://download.schneider-electric.com/files?p_Do… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) |
Affected:
EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620: Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:45:01.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )",
"version": {
"version_data": [
{
"version_value": "EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620: Unverified Password Change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22773",
"datePublished": "2021-07-21T10:45:01.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7378 (GCVE-0-2020-7378)
Vulnerability from cvelistv5 – Published: 2020-11-24 16:35 – Updated: 2024-09-16 20:37- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://blog.rapid7.com/2020/11/24/cve-2020-7378-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenCRX",
"vendor": "CRIXP",
"versions": [
{
"lessThanOrEqual": "4.30",
"status": "affected",
"version": "4.30",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0-20200717",
"status": "affected",
"version": "5.0-20200717",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Trevor Christiansen of Rapid7 in accordance with Rapid7\u0027s standard vulnerability disclosure policy."
}
],
"datePublic": "2020-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-24T16:35:14.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to 5.0-20200904 or later. If an update is infeasible, users should disable the RequestPasswordReset.jsp wizard."
}
],
"source": {
"discovery": "USER"
},
"title": "CRIXP OpenCRX Unverified Password Change",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-11-24T15:00:00.000Z",
"ID": "CVE-2020-7378",
"STATE": "PUBLIC",
"TITLE": "CRIXP OpenCRX Unverified Password Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenCRX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.30",
"version_value": "4.30"
},
{
"version_affected": "\u003c=",
"version_name": "5.0-20200717",
"version_value": "5.0-20200717"
}
]
}
}
]
},
"vendor_name": "CRIXP"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Trevor Christiansen of Rapid7 in accordance with Rapid7\u0027s standard vulnerability disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620 Unverified Password Change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to 5.0-20200904 or later. If an update is infeasible, users should disable the RequestPasswordReset.jsp wizard."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7378",
"datePublished": "2020-11-24T16:35:15.035Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:06.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25653 (GCVE-0-2019-25653)
Vulnerability from cvelistv5 – Published: 2026-03-30 11:02 – Updated: 2026-03-30 13:53- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46383 | exploit |
| https://www.navicat.com/es/ | product |
| https://www.navicat.com/es/download/navicat-for-oracle | product |
| https://www.vulncheck.com/advisories/navicat-for-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Navicat | Navicat for Oracle |
Affected:
12.1.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25653",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:52:21.510773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:53:07.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Navicat for Oracle",
"vendor": "Navicat",
"versions": [
{
"status": "affected",
"version": "12.1.15"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:navicat:navicat:12.1.15:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:02:27.002Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46383",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46383"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.navicat.com/es/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://www.navicat.com/es/download/navicat-for-oracle"
},
{
"name": "VulnCheck Advisory: Navicat for Oracle 12.1.15 Password Field Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service"
}
],
"title": "Navicat for Oracle 12.1.15 Password Field Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25653",
"datePublished": "2026-03-30T11:02:27.002Z",
"dateReserved": "2026-03-30T10:55:24.174Z",
"dateUpdated": "2026-03-30T13:53:07.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-8916 (GCVE-0-2018-8916)
Vulnerability from cvelistv5 – Published: 2018-06-08 13:00 – Updated: 2024-09-16 18:59- CWE-620 - Unverified Password Change (CWE-620)
| URL | Tags |
|---|---|
| https://www.synology.com/en-global/support/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | DiskStation Manager (DSM) |
Affected:
unspecified , < 6.2-23739
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DiskStation Manager (DSM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "6.2-23739",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change (CWE-620)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-08T12:57:01.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-06-08T00:00:00",
"ID": "CVE-2018-8916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2-23739"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unverified Password Change (CWE-620)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_18_24",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2018-8916",
"datePublished": "2018-06-08T13:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:59:05.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14005 (GCVE-0-2017-14005)
Vulnerability from cvelistv5 – Published: 2017-10-17 22:00 – Updated: 2024-08-05 19:13| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101259 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ProMinent MultiFLEX M10a Controller |
Affected:
ProMinent MultiFLEX M10a Controller
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProMinent MultiFLEX M10a Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ProMinent MultiFLEX M10a Controller"
}
]
}
],
"datePublic": "2017-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user\u0027s password, enabling future access and possible configuration changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "101259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-14005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProMinent MultiFLEX M10a Controller",
"version": {
"version_data": [
{
"version_value": "ProMinent MultiFLEX M10a Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user\u0027s password, enabling future access and possible configuration changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101259"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14005",
"datePublished": "2017-10-17T22:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-224H-VF26-WVFW
Vulnerability from github – Published: 2024-12-12 15:31 – Updated: 2025-11-04 00:32The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.
{
"affected": [],
"aliases": [
"CVE-2024-28143"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T14:15:22Z",
"severity": "HIGH"
},
"details": "The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter\u00a0for a user without knowing the old password, e.g. by exploiting a CSRF issue.",
"id": "GHSA-224h-vf26-wvfw",
"modified": "2025-11-04T00:32:15Z",
"published": "2024-12-12T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28143"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/imageaccess"
},
{
"type": "WEB",
"url": "https://www.imageaccess.de/?page=SupportPortal\u0026lang=en"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-24XJ-R6RG-2W25
Vulnerability from github – Published: 2025-02-07 15:32 – Updated: 2025-02-07 15:32Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
{
"affected": [],
"aliases": [
"CVE-2025-1107"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-07T14:15:48Z",
"severity": "CRITICAL"
},
"details": "Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user\u0027s password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint \u2018/public/cgi/Gateway.php\u2019.",
"id": "GHSA-24xj-r6rg-2w25",
"modified": "2025-02-07T15:32:38Z",
"published": "2025-02-07T15:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1107"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.