CWE-640
Allowed-with-ReviewWeak Password Recovery Mechanism for Forgotten Password
Abstraction: Base · Status: Incomplete
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
393 vulnerabilities reference this CWE, most recent first.
CVE-2023-5296 (GCVE-0-2023-5296)
Vulnerability from cvelistv5 – Published: 2023-09-29 21:31 – Updated: 2024-09-23 16:17- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.240926 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.240926 | signaturepermissions-required |
| https://github.com/magicwave18/vuldb/issues/1 | exploitissue-tracking |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240926"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240926"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/magicwave18/vuldb/issues/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5296",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T16:17:03.498850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T16:17:38.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Password Handler"
],
"product": "RockOA",
"vendor": "Xinhu",
"versions": [
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "15.X3amdi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "magicwave18 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat\u0026a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Xinhu RockOA 1.1/2.3.2/15.X3amdi gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php?m=reimplat\u0026a=index der Komponente Password Handler. Durch Manipulation mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:54:31.430Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240926"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240926"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/magicwave18/vuldb/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T14:39:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Xinhu RockOA Password password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5296",
"datePublished": "2023-09-29T21:31:04.441Z",
"dateReserved": "2023-09-29T14:27:36.046Z",
"dateUpdated": "2024-09-23T16:17:38.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4448 (GCVE-0-2023-4448)
Vulnerability from cvelistv5 – Published: 2023-08-21 02:00 – Updated: 2024-10-04 18:00- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.237569 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.237569 | signaturepermissions-required |
| https://github.com/OpenRapid/rapidcms/issues/5 | exploitissue-tracking |
| https://github.com/OpenRapid/rapidcms/commit/4dff… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:05.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.237569"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.237569"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/OpenRapid/rapidcms/issues/5"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe#diff-fc57d4c69cf5912c6edb5233c6df069a91106ebd481c115faf1ea124478b26d0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4448",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T17:59:43.087075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T18:00:12.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RapidCMS",
"vendor": "OpenRapid",
"versions": [
{
"status": "affected",
"version": "1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "TXPH (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in OpenRapid RapidCMS 1.3.1 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin/run-movepass.php. Mit der Manipulation des Arguments password/password2 mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 4dff387283060961c362d50105ff8da8ea40bcbe bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:44:02.503Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.237569"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.237569"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/OpenRapid/rapidcms/issues/5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/OpenRapid/rapidcms/commit/4dff387283060961c362d50105ff8da8ea40bcbe#diff-fc57d4c69cf5912c6edb5233c6df069a91106ebd481c115faf1ea124478b26d0"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-20T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-09-13T21:53:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "OpenRapid RapidCMS run-movepass.php password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4448",
"datePublished": "2023-08-21T02:00:04.791Z",
"dateReserved": "2023-08-20T07:11:30.609Z",
"dateUpdated": "2024-10-04T18:00:12.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3222 (GCVE-0-2023-3222)
Vulnerability from cvelistv5 – Published: 2023-09-04 12:49 – Updated: 2024-09-30 18:46- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| Vendor | Product | Version | |
|---|---|---|---|
| AlfnRU | Password Recovery Plugin |
Affected:
1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:46:03.515106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:46:16.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Recovery Plugin",
"vendor": "AlfnRU",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pedro Jos\u00e9 Navas P\u00e9rez"
}
],
"datePublic": "2023-08-31T12:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user\u00b4s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests."
}
],
"value": "Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user\u00b4s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T12:49:47.169Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-3222",
"datePublished": "2023-09-04T12:49:47.169Z",
"dateReserved": "2023-06-13T15:40:03.340Z",
"dateUpdated": "2024-09-30T18:46:16.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3007 (GCVE-0-2023-3007)
Vulnerability from cvelistv5 – Published: 2023-05-31 11:31 – Updated: 2024-08-02 06:41- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230354 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230354 | signaturepermissions-required |
| https://github.com/Xor-Gerke/webray.com.cn/blob/m… | broken-linkexploit |
| Vendor | Product | Version | |
|---|---|---|---|
| ningzichun | Student Management System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230354"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230354"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/password_reset.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Password Reset Handler"
],
"product": "Student Management System",
"vendor": "ningzichun",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "webray.com.cn (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in ningzichun Student Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei resetPassword.php der Komponente Password Reset Handler. Durch die Manipulation des Arguments sid mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:36:03.263Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230354"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230354"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/password_reset.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-31T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-24T16:00:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "ningzichun Student Management System Password Reset resetPassword.php password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3007",
"datePublished": "2023-05-31T11:31:03.046Z",
"dateReserved": "2023-05-31T11:01:45.300Z",
"dateUpdated": "2024-08-02T06:41:04.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50910 (GCVE-0-2022-50910)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-03-05 01:29- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50923 | exploit |
| https://www.beehiveforum.co.uk/ | product |
| https://sourceforge.net/projects/beehiveforum/ | product |
| https://imgur.com/a/hVlgpCg | exploit |
| https://www.vulncheck.com/advisories/beehive-foru… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Beehive Forum | Beehive Forum |
Affected:
1.5.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:51:21.759830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:20:13.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50923"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulncheck.com/advisories/beehive-forum-account-takeover"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Beehive Forum",
"vendor": "Beehive Forum",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beehive_forum:beehive_forum:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pablo Santiago"
}
],
"datePublic": "2022-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:29.421Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50923",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50923"
},
{
"name": "Beehive Forum Official Website",
"tags": [
"product"
],
"url": "https://www.beehiveforum.co.uk/"
},
{
"name": "Beehive Forum SourceForge Project",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/beehiveforum/"
},
{
"name": "Proof of Concept Imgur",
"tags": [
"exploit"
],
"url": "https://imgur.com/a/hVlgpCg"
},
{
"name": "VulnCheck Advisory: Beehive Forum - Account Takeover",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/beehive-forum-account-takeover"
}
],
"title": "Beehive Forum - Account Takeover",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50910",
"datePublished": "2026-01-13T22:51:50.562Z",
"dateReserved": "2026-01-11T13:14:18.876Z",
"dateUpdated": "2026-03-05T01:29:29.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-37300 (GCVE-0-2022-37300)
Vulnerability from cvelistv5 – Published: 2022-09-12 17:40 – Updated: 2024-08-03 10:29- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.se.com/us/en/download/document/SEVD-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Control Expert |
Affected:
SP1 , ≤ 15.0
(custom)
|
|
| Schneider Electric | EcoStruxure Process Expert |
Affected:
V , ≤ 2021
(custom)
|
|
| Schneider Electric | Modicon M340 CPU |
Affected:
BMXP34 , ≤ 3.40
(custom)
|
|
| Schneider Electric | Modicon M580 CPU |
Affected:
BMEP , ≤ 3.20
(custom)
Affected: BMEH , ≤ 3.20 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Control Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "15.0",
"status": "affected",
"version": "SP1",
"versionType": "custom"
}
]
},
{
"product": "EcoStruxure Process Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "2021",
"status": "affected",
"version": "V",
"versionType": "custom"
}
]
},
{
"product": "Modicon M340 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.40",
"status": "affected",
"version": "BMXP34",
"versionType": "custom"
}
]
},
{
"product": "Modicon M580 CPU",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEP",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.20",
"status": "affected",
"version": "BMEH",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T17:40:10.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-37300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "SP1",
"version_value": "15.0"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V",
"version_value": "2021"
}
]
}
},
{
"product_name": "Modicon M340 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMXP34",
"version_value": "3.40"
}
]
}
},
{
"product_name": "Modicon M580 CPU",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "BMEP",
"version_value": "3.20"
},
{
"version_affected": "\u003c=",
"version_name": "BMEH",
"version_value": "3.20"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/",
"refsource": "MISC",
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-01/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-37300",
"datePublished": "2022-09-12T17:40:10.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29174 (GCVE-0-2022-29174)
Vulnerability from cvelistv5 – Published: 2022-05-17 20:45 – Updated: 2025-04-23 18:25- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://github.com/Countly/countly-server/securit… | x_refsource_CONFIRM |
| https://github.com/Countly/countly-server/commit/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Countly | countly-server |
Affected:
< 21.11.4
Affected: >= 22.0.0, < 22.03.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:53.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Countly/countly-server/security/advisories/GHSA-98vh-wqw5-p23v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Countly/countly-server/commit/2bfa1ee1fa46e9bb007cf8687ad197ab9c604999"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:53:12.624160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:25:30.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "countly-server",
"vendor": "Countly",
"versions": [
{
"status": "affected",
"version": "\u003c 21.11.4"
},
{
"status": "affected",
"version": "\u003e= 22.0.0, \u003c 22.03.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T20:45:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Countly/countly-server/security/advisories/GHSA-98vh-wqw5-p23v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Countly/countly-server/commit/2bfa1ee1fa46e9bb007cf8687ad197ab9c604999"
}
],
"source": {
"advisory": "GHSA-98vh-wqw5-p23v",
"discovery": "UNKNOWN"
},
"title": "Predictable password reset token may lead to account takeover in countly-server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29174",
"STATE": "PUBLIC",
"TITLE": "Predictable password reset token may lead to account takeover in countly-server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "countly-server",
"version": {
"version_data": [
{
"version_value": "\u003c 21.11.4"
},
{
"version_value": "\u003e= 22.0.0, \u003c 22.03.7"
}
]
}
}
]
},
"vendor_name": "Countly"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Countly/countly-server/security/advisories/GHSA-98vh-wqw5-p23v",
"refsource": "CONFIRM",
"url": "https://github.com/Countly/countly-server/security/advisories/GHSA-98vh-wqw5-p23v"
},
{
"name": "https://github.com/Countly/countly-server/commit/2bfa1ee1fa46e9bb007cf8687ad197ab9c604999",
"refsource": "MISC",
"url": "https://github.com/Countly/countly-server/commit/2bfa1ee1fa46e9bb007cf8687ad197ab9c604999"
}
]
},
"source": {
"advisory": "GHSA-98vh-wqw5-p23v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29174",
"datePublished": "2022-05-17T20:45:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:25:30.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26872 (GCVE-0-2022-26872)
Vulnerability from cvelistv5 – Published: 2023-01-30 15:55 – Updated: 2025-02-13 16:32- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| Vendor | Product | Version | |
|---|---|---|---|
| AMI | MegaRAC SPx-12 |
Affected:
0 , ≤ SPx12-Update-6.00
(Custom)
|
|
| AMI | MegaRAC SPx-13 |
Affected:
0 , ≤ SPx13-Update-4.00
(Custom)
|
|
| ami | megarac_spx |
Affected:
12.0 , ≤ 12.6
(custom)
cpe:2.3:a:ami:megarac_spx:12.0:*:*:*:*:*:*:* |
|
| ami | megarac_spx |
Affected:
13.0 , ≤ 13.4
(custom)
cpe:2.3:a:ami:megarac_spx:13.0:*:*:*:*:*:*:* |
|
| netapp | hci_baseboard_management_controller |
Affected:
h300s
Affected: h410s Affected: h500s Affected: h610c Affected: h610s Affected: h615c Affected: h700s cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/730007"
},
{
"tags": [
"x_transferred"
],
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230731-0008/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ami:megarac_spx:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "megarac_spx",
"vendor": "ami",
"versions": [
{
"lessThanOrEqual": "12.6",
"status": "affected",
"version": "12.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ami:megarac_spx:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "megarac_spx",
"vendor": "ami",
"versions": [
{
"lessThanOrEqual": "13.4",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hci_baseboard_management_controller",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "h300s"
},
{
"status": "affected",
"version": "h410s"
},
{
"status": "affected",
"version": "h500s"
},
{
"status": "affected",
"version": "h610c"
},
{
"status": "affected",
"version": "h610s"
},
{
"status": "affected",
"version": "h615c"
},
{
"status": "affected",
"version": "h700s"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T17:53:58.510180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:10:27.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MegaRAC SPx-12",
"vendor": "AMI",
"versions": [
{
"lessThanOrEqual": "SPx12-Update-6.00",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MegaRAC SPx-13",
"vendor": "AMI",
"versions": [
{
"lessThanOrEqual": "SPx13-Update-4.00",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vlad Bakin from Eclypsium Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AMI Megarac Password reset interception via API"
}
],
"value": "AMI Megarac Password reset interception via API"
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T18:06:52.733Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0008/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "See\u0026nbsp;AMI-SA-2023001"
}
],
"value": "See\u00a0AMI-SA-2023001"
}
],
"source": {
"advisory": "AMI-SA-2023001",
"discovery": "UNKNOWN"
},
"title": "Password reset interception via API",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-26872",
"datePublished": "2023-01-30T15:55:38.826Z",
"dateReserved": "2022-03-10T20:41:30.778Z",
"dateUpdated": "2025-02-13T16:32:31.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24892 (GCVE-0-2022-24892)
Vulnerability from cvelistv5 – Published: 2022-04-28 14:20 – Updated: 2025-04-23 18:31- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://docs.shopware.com/en/shopware-5-en/securi… | x_refsource_MISC |
| https://www.shopware.com/en/changelog-sw5/#5-7-9 | x_refsource_MISC |
| https://github.com/shopware/shopware/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:00.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.shopware.com/en/changelog-sw5/#5-7-9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:53:43.218437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:31:35.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shopware",
"vendor": "shopware",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.4, \u003c 5.7.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim\u0027s account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:20:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.shopware.com/en/changelog-sw5/#5-7-9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"
}
],
"source": {
"advisory": "GHSA-3qrq-r688-vvh4",
"discovery": "UNKNOWN"
},
"title": "Multiple valid tokens for password reset in Shopware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24892",
"STATE": "PUBLIC",
"TITLE": "Multiple valid tokens for password reset in Shopware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "shopware",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.0.4, \u003c 5.7.9"
}
]
}
}
]
},
"vendor_name": "shopware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim\u0027s account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022",
"refsource": "MISC",
"url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022"
},
{
"name": "https://www.shopware.com/en/changelog-sw5/#5-7-9",
"refsource": "MISC",
"url": "https://www.shopware.com/en/changelog-sw5/#5-7-9"
},
{
"name": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4",
"refsource": "CONFIRM",
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-3qrq-r688-vvh4"
}
]
},
"source": {
"advisory": "GHSA-3qrq-r688-vvh4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24892",
"datePublished": "2022-04-28T14:20:12.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:31:35.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22691 (GCVE-0-2022-22691)
Vulnerability from cvelistv5 – Published: 2022-01-18 16:52 – Updated: 2024-09-16 23:46- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://appcheck-ng.com/umbraco-applicationurl-ov… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Umbraco | Umbraco CMS |
Affected:
unspecified , < 9.2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Umbraco CMS",
"vendor": "Umbraco",
"versions": [
{
"lessThan": "9.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "AppCheck Ltd"
}
],
"datePublic": "2022-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T16:52:20.000Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Umbraco Password Reset URL Poison",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@appcheck-ng.com",
"DATE_PUBLIC": "2022-01-18T14:26:00.000Z",
"ID": "CVE-2022-22691",
"STATE": "PUBLIC",
"TITLE": "Umbraco Password Reset URL Poison"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Umbraco CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.0"
}
]
}
}
]
},
"vendor_name": "Umbraco"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "AppCheck Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/",
"refsource": "MISC",
"url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2022-22691",
"datePublished": "2022-01-18T16:52:20.429Z",
"dateReserved": "2022-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:59.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Do not use standard weak security questions and use several security questions.
Mitigation
Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.