Vulnerabilities (CVE)

Filtered by CWE-640
Total 165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4096 1 Fujitsu 1 Arconte Aurea 2024-02-28 N/A 8.2 HIGH
Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.
CVE-2023-46138 1 Fit2cloud 1 Jumpserver 2024-02-28 N/A 5.3 MEDIUM
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually.
CVE-2023-44399 1 Zitadel 1 Zitadel 2024-02-28 N/A 5.3 MEDIUM
ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exist within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available.
CVE-2023-3222 1 Password Recovery Project 1 Password Recovery 2024-02-28 N/A 7.5 HIGH
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
CVE-2023-43650 1 Fit2cloud 1 Jumpserver 2024-02-28 N/A 7.4 HIGH
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the password reset. Although the code is only available in 1 minute, this window potentially allows for up to 1,000,000 validation attempts. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-5840 1 Linkstack 1 Linkstack 2024-02-28 N/A 8.8 HIGH
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.
CVE-2023-35134 1 Weintek 1 Weincloud 2024-02-28 N/A 5.9 MEDIUM
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.
CVE-2023-34357 1 Scshr 1 Hr Portal 2024-02-28 N/A 7.8 HIGH
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.
CVE-2023-31459 1 Mitel 1 Mivoice Connect 2024-02-28 N/A 8.8 HIGH
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
CVE-2022-45637 1 Megafeis 1 Bofei Dbd\+ 2024-02-28 N/A 9.8 CRITICAL
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.
CVE-2023-26615 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-02-28 N/A 7.5 HIGH
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.
CVE-2021-36436 1 Mobicint 1 Mobicint 2024-02-28 N/A 5.3 MEDIUM
An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.
CVE-2023-31287 1 Serenity 2 Serene, Startsharp 2024-02-28 N/A 7.8 HIGH
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.
CVE-2023-28821 1 Concretecms 1 Concrete Cms 2024-02-28 N/A 5.3 MEDIUM
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
CVE-2023-30466 1 Milesight 40 Ms-n1004-uc, Ms-n1004-uc Firmware, Ms-n1004-upc and 37 more 2024-02-28 N/A 9.8 CRITICAL
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.
CVE-2022-47377 1 Sick 2 Sim2000 Firmware, Sim2000st 2024-02-28 N/A 9.8 CRITICAL
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal).
CVE-2022-25027 1 Rocketsoftware 1 Trufusion Enterprise 2024-02-28 N/A 7.5 HIGH
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
CVE-2020-12067 1 Pilz 1 Pmc 2024-02-28 N/A 7.5 HIGH
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
CVE-2022-3485 1 Ifm 4 Moneo Qha200, Moneo Qha200 Firmware, Moneo Qha210 and 1 more 2024-02-28 N/A 9.8 CRITICAL
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
CVE-2022-26872 1 Ami 1 Megarac Sp-x 2024-02-28 N/A 8.8 HIGH
AMI Megarac Password reset interception via API