CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
GHSA-2R3P-M9QP-P35M
Vulnerability from github – Published: 2024-07-26 18:30 – Updated: 2024-08-01 18:32An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.
{
"affected": [],
"aliases": [
"CVE-2024-26520"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-26T17:15:11Z",
"severity": "CRITICAL"
},
"details": "An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.",
"id": "GHSA-2r3p-m9qp-p35m",
"modified": "2024-08-01T18:32:50Z",
"published": "2024-07-26T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26520"
},
{
"type": "WEB",
"url": "https://idssgmcc.github.io/aran.github.io/2.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39GF-864W-PXW4
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2024-11-22 18:11Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "OctoPrint"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2930"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-30T20:25:13Z",
"nvd_published_at": "2022-08-22T12:15:00Z",
"severity": "MODERATE"
},
"details": "Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.",
"id": "GHSA-39gf-864w-pxw4",
"modified": "2024-11-22T18:11:50Z",
"published": "2022-08-23T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2930"
},
{
"type": "WEB",
"url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
},
{
"type": "PACKAGE",
"url": "https://github.com/octoprint/octoprint"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Unverified Password Change in OctoPrint"
}
GHSA-3HXX-HMH7-HXPR
Vulnerability from github – Published: 2025-10-16 15:30 – Updated: 2025-10-16 18:30FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.
{
"affected": [],
"aliases": [
"CVE-2025-61536"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-16T15:15:34Z",
"severity": "HIGH"
},
"details": "FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.",
"id": "GHSA-3hxx-hmh7-hxpr",
"modified": "2025-10-16T18:30:23Z",
"published": "2025-10-16T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61536"
},
{
"type": "WEB",
"url": "https://github.com/FelixRiddle/dev-jobs-handlebars"
},
{
"type": "WEB",
"url": "https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-61536"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3JRG-97F3-RQH9
Vulnerability from github – Published: 2025-05-20 19:26 – Updated: 2025-05-20 19:26Problem
The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification.
This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication.
Solution
Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.
[!NOTE] In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords.
Credits
Thanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.5.50"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.51"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.5.50"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-setup"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.51"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.49"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.50"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.43"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.30"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.31"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.11"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.49"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-setup"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.50"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.43"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-setup"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.30"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-setup"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.31"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.11"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-setup"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47938"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-20T19:26:38Z",
"nvd_published_at": "2025-05-20T14:15:50Z",
"severity": "LOW"
},
"details": "### Problem\nThe backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification.\n\nThis behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication.\n\n### Solution\nUpdate to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.\n\n\u003e [!NOTE]\n\u003e In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords.\n\n### Credits\nThanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core \u0026 security team member Benjamin Franzke for fixing it.",
"id": "GHSA-3jrg-97f3-rqh9",
"modified": "2025-05-20T19:26:38Z",
"published": "2025-05-20T19:26:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47938"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "TYPO3 Unverified Password Change for Backend Users"
}
GHSA-3VMR-C5F4-VPXF
Vulnerability from github – Published: 2023-11-22 18:30 – Updated: 2023-11-22 18:30The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-2449"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-22T16:15:08Z",
"severity": "CRITICAL"
},
"details": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.",
"id": "GHSA-3vmr-c5f4-vpxf",
"modified": "2023-11-22T18:30:55Z",
"published": "2023-11-22T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2449"
},
{
"type": "WEB",
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3VXJ-947V-9GFH
Vulnerability from github – Published: 2023-08-16 12:30 – Updated: 2023-08-16 12:30Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
{
"affected": [],
"aliases": [
"CVE-2023-4381"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T12:15:13Z",
"severity": "MODERATE"
},
"details": "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.",
"id": "GHSA-3vxj-947v-9gfh",
"modified": "2023-08-16T12:30:55Z",
"published": "2023-08-16T12:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4381"
},
{
"type": "WEB",
"url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3W3H-97P3-6XQH
Vulnerability from github – Published: 2025-06-04 09:31 – Updated: 2025-06-04 09:31The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2025-5482"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-04T08:15:22Z",
"severity": "HIGH"
},
"details": "The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s passwords through the password reset functionality, including administrators, and leverage that to reset the user\u0027s password and gain access to their account.",
"id": "GHSA-3w3h-97p3-6xqh",
"modified": "2025-06-04T09:31:36Z",
"published": "2025-06-04T09:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5482"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/trunk/includes/functions/account.php#L303"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3305406%40sunshine-photo-cart%2Ftrunk\u0026old=3261773%40sunshine-photo-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45PG-8QP2-9CMJ
Vulnerability from github – Published: 2025-05-19 03:30 – Updated: 2025-05-19 03:30A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-4903"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T01:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-45pg-8qp2-9cmj",
"modified": "2025-05-19T03:30:29Z",
"published": "2025-05-19T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4903"
},
{
"type": "WEB",
"url": "https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/webgl_asp.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.309459"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.309459"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.578051"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46GC-WC69-MW4H
Vulnerability from github – Published: 2026-01-26 18:31 – Updated: 2026-01-28 21:31Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.
{
"affected": [],
"aliases": [
"CVE-2026-24440"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-26T18:16:41Z",
"severity": "HIGH"
},
"details": "Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.",
"id": "GHSA-46gc-wc69-mw4h",
"modified": "2026-01-28T21:31:20Z",
"published": "2026-01-26T18:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24440"
},
{
"type": "WEB",
"url": "https://www.tendacn.com/product/W30E"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying-current-password"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4GMM-R9MC-3P3G
Vulnerability from github – Published: 2026-02-27 21:31 – Updated: 2026-02-27 21:31SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.
{
"affected": [],
"aliases": [
"CVE-2026-27757"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-27T19:16:09Z",
"severity": "HIGH"
},
"details": "SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.",
"id": "GHSA-4gmm-r9mc-3p3g",
"modified": "2026-02-27T21:31:22Z",
"published": "2026-02-27T21:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27757"
},
{
"type": "WEB",
"url": "https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.