CWE-640
Allowed-with-ReviewWeak Password Recovery Mechanism for Forgotten Password
Abstraction: Base · Status: Incomplete
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
393 vulnerabilities reference this CWE, most recent first.
GHSA-F3CP-F6PH-XXHJ
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
{
"affected": [],
"aliases": [
"CVE-2021-39899"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-04T17:15:00Z",
"severity": "MODERATE"
},
"details": "In all versions of GitLab CE/EE, an attacker with physical access to a user\u2019s machine may brute force the user\u2019s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.",
"id": "GHSA-f3cp-f6ph-xxhj",
"modified": "2022-05-24T22:28:35Z",
"published": "2022-05-24T22:28:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39899"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3W6-R2G2-VX25
Vulnerability from github – Published: 2025-12-15 03:30 – Updated: 2025-12-15 03:30A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-14696"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T02:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-f3w6-r2g2-vx25",
"modified": "2025-12-15T03:30:18Z",
"published": "2025-12-15T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14696"
},
{
"type": "WEB",
"url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1"
},
{
"type": "WEB",
"url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1#issue-3688839620"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.336414"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.336414"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.705601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F473-4GX3-59RW
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.
{
"affected": [],
"aliases": [
"CVE-2020-26061"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-05T14:15:00Z",
"severity": "HIGH"
},
"details": "ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.",
"id": "GHSA-f473-4gx3-59rw",
"modified": "2022-05-24T17:30:06Z",
"published": "2022-05-24T17:30:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26061"
},
{
"type": "WEB",
"url": "https://github.com/missing0x00/CVE-2020-26061"
},
{
"type": "WEB",
"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FCC4-FHGG-298H
Vulnerability from github – Published: 2022-05-14 01:38 – Updated: 2022-05-14 01:38An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.
{
"affected": [],
"aliases": [
"CVE-2018-17298"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-21T07:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.",
"id": "GHSA-fcc4-fhgg-298h",
"modified": "2022-05-14T01:38:22Z",
"published": "2022-05-14T01:38:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17298"
},
{
"type": "WEB",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=4050b0aafd18346d9a6a06967bfb1170824dab17"
},
{
"type": "WEB",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=b87d3b807f39c00371ebaa50f938cb0110113538"
},
{
"type": "WEB",
"url": "https://tuleap.net/plugins/tracker/?aid=12219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCHW-39VQ-2WVV
Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
{
"affected": [],
"aliases": [
"CVE-2017-12850"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-14T20:29:00Z",
"severity": "HIGH"
},
"details": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.",
"id": "GHSA-fchw-39vq-2wvv",
"modified": "2022-05-17T01:57:51Z",
"published": "2022-05-17T01:57:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12850"
},
{
"type": "WEB",
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100352"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCMX-4FPP-MG5Q
Vulnerability from github – Published: 2025-11-23 21:30 – Updated: 2025-11-23 21:30A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
{
"affected": [],
"aliases": [
"CVE-2025-13565"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-23T19:15:46Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
"id": "GHSA-fcmx-4fpp-mg5q",
"modified": "2025-11-23T21:30:32Z",
"published": "2025-11-23T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13565"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.333329"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.333329"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.697984"
},
{
"type": "WEB",
"url": "https://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FCV8-P4GW-6X4X
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
{
"affected": [],
"aliases": [
"CVE-2020-27179"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-27T05:15:00Z",
"severity": "CRITICAL"
},
"details": "konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.",
"id": "GHSA-fcv8-p4gw-6x4x",
"modified": "2022-05-24T17:32:35Z",
"published": "2022-05-24T17:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27179"
},
{
"type": "WEB",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2020/Oct/28"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FGMJ-4XC2-M385
Vulnerability from github – Published: 2022-05-17 02:56 – Updated: 2022-05-17 02:56EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
{
"affected": [],
"aliases": [
"CVE-2017-2766"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-03T07:59:00Z",
"severity": "CRITICAL"
},
"details": "EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.",
"id": "GHSA-fgmj-4xc2-m385",
"modified": "2022-05-17T02:56:02Z",
"published": "2022-05-17T02:56:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2766"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/540077/30/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95893"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJ36-8FJ3-C7Q3
Vulnerability from github – Published: 2021-11-20 00:00 – Updated: 2021-11-23 00:00Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
{
"affected": [],
"aliases": [
"CVE-2021-44037"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-19T17:15:00Z",
"severity": "HIGH"
},
"details": "Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.",
"id": "GHSA-fj36-8fj3-c7q3",
"modified": "2021-11-23T00:00:54Z",
"published": "2021-11-20T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44037"
},
{
"type": "WEB",
"url": "https://teampasswordmanager.com/docs/changelog/#10.135.236"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-060.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FJ69-P8F6-Q97H
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-02-28 18:38With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-3189"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-28T18:38:31Z",
"nvd_published_at": "2017-05-25T17:29:00Z",
"severity": "LOW"
},
"details": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.",
"id": "GHSA-fj69-p8f6-q97h",
"modified": "2024-02-28T18:38:31Z",
"published": "2022-05-13T01:07:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3189"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commit/a79b89f6e4f66626914b029b7a15a423491f8013"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudfoundry/uaa"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commits/2.2.5"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/compare/2.2.4...2.2.5"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/compare/2.2.5...2.2.6"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2015-3189"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password"
}
Mitigation
Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Do not use standard weak security questions and use several security questions.
Mitigation
Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.