Vulnerabilities (CVE)

Filtered by CWE-640
Total 162 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5172 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-02-28 7.5 HIGH 9.8 CRITICAL
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
CVE-2017-9543 1 Echatserver 1 Easy Chat Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
CVE-2017-7629 1 Qnap 1 Qts 2024-02-28 5.0 MEDIUM 7.5 HIGH
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVE-2017-12850 1 Kanboard 1 Kanboard 2024-02-28 4.0 MEDIUM 8.8 HIGH
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2017-8613 1 Microsoft 1 Azure Active Directory Connect 2024-02-28 6.8 MEDIUM 8.1 HIGH
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
CVE-2015-3189 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-02-28 4.3 MEDIUM 3.7 LOW
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CVE-2017-12851 1 Kanboard 1 Kanboard 2024-02-28 4.0 MEDIUM 8.8 HIGH
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2017-7731 1 Fortinet 1 Fortiportal 2024-02-28 5.0 MEDIUM 7.5 HIGH
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
CVE-2015-7257 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-02-28 8.5 HIGH 7.5 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
CVE-2017-14005 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.
CVE-2015-4689 1 Ellucian 1 Banner Student 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."
CVE-2017-17097 1 Gps-server 1 Gps Tracking Software 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
CVE-2016-7038 1 Moodle 1 Moodle 2024-02-28 5.0 MEDIUM 7.3 HIGH
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
CVE-2016-2349 1 Bmc 1 Remedy Action Request System 2024-02-28 5.0 MEDIUM 7.5 HIGH
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
CVE-2017-7615 1 Mantisbt 1 Mantisbt 2024-02-28 6.5 MEDIUM 8.8 HIGH
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVE-2017-5594 1 Pagekit 1 Pagekit 2024-02-28 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
CVE-2016-8716 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 3.3 LOW 7.5 HIGH
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.
CVE-2017-2766 1 Emc 1 Documentum Eroom 2024-02-28 7.5 HIGH 9.8 CRITICAL
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-8385 1 Craftcms 1 Craft Cms 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
CVE-2017-8295 1 Wordpress 1 Wordpress 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.