CWE-640
Allowed-with-ReviewWeak Password Recovery Mechanism for Forgotten Password
Abstraction: Base · Status: Incomplete
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
393 vulnerabilities reference this CWE, most recent first.
CVE-2020-37172 (GCVE-0-2020-37172)
Vulnerability from cvelistv5 – Published: 2026-02-11 20:33 – Updated: 2026-02-12 18:48- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48003 | exploit |
| https://avideo.com | product |
| https://github.com/WWBN/AVideo | product |
| https://www.vulncheck.com/advisories/avideo-platf… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| AVideo | AVideo Platform |
Affected:
8.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37172",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:48:03.982687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:48:14.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVideo Platform",
"vendor": "AVideo",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2020-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user\u0027s recovery token to change account credentials without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T20:36:57.220Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48003",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48003"
},
{
"name": "Official AVideo Platform Homepage",
"tags": [
"product"
],
"url": "https://avideo.com"
},
{
"name": "AVideo GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WWBN/AVideo"
},
{
"name": "VulnCheck Advisory: AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset"
}
],
"title": "AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37172",
"datePublished": "2026-02-11T20:33:33.722Z",
"dateReserved": "2026-02-10T17:46:27.015Z",
"dateUpdated": "2026-02-12T18:48:14.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37158 (GCVE-0-2020-37158)
Vulnerability from cvelistv5 – Published: 2026-02-11 20:49 – Updated: 2026-02-20 15:03| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48003 | exploit |
| https://avideo.com | product |
| https://github.com/WWBN/AVideo | product |
| https://www.vulncheck.com/advisories/avideo-platf… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| AVideo | AVideo Platform |
Affected:
8.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37158",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:42:53.049222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:44:10.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AVideo Platform",
"vendor": "AVideo",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2020-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user\u0027s recovery token to change account credentials without authentication.\u003c/p\u003e"
}
],
"value": "AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user\u0027s recovery token to change account credentials without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:03:08.480Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48003",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48003"
},
{
"name": "Official AVideo Platform Homepage",
"tags": [
"product"
],
"url": "https://avideo.com"
},
{
"name": "AVideo GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/WWBN/AVideo"
},
{
"name": "VulnCheck Advisory: AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37158",
"datePublished": "2026-02-11T20:49:49.113Z",
"dateReserved": "2026-02-03T16:27:45.310Z",
"dateUpdated": "2026-02-20T15:03:08.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-5361 (GCVE-0-2020-5361)
Vulnerability from cvelistv5 – Published: 2021-01-04 21:15 – Updated: 2024-09-16 23:06- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00018074… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "All",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T21:15:22.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-12-18",
"ID": "CVE-2020-5361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.1,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5361",
"datePublished": "2021-01-04T21:15:22.213Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:25.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6560 (GCVE-0-2019-6560)
Vulnerability from cvelistv5 – Published: 2020-03-23 19:37 – Updated: 2024-08-04 20:23- CWE-640 - WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-051-04 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App) |
Affected:
Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:37:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-6560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)",
"version": {
"version_data": [
{
"version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6560",
"datePublished": "2020-03-23T19:37:33.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:21.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16529 (GCVE-0-2018-16529)
Vulnerability from cvelistv5 – Published: 2019-03-28 16:02 – Updated: 2024-08-05 10:24- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2018/Nov/23 | x_refsource_MISC |
| https://help.forcepoint.com/security/CVE/CVE-2018… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Forcepoint | Forcepoint Email Security |
Affected:
8.5.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Email Security",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "8.5.x"
}
]
}
],
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:09:52.000Z",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2018-16529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.5.x"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2018/Nov/23",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2018-16529",
"datePublished": "2019-03-28T16:02:03.000Z",
"dateReserved": "2018-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10071 (GCVE-0-2015-10071)
Vulnerability from cvelistv5 – Published: 2023-01-19 09:22 – Updated: 2024-08-06 08:58- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.218951 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.218951 | signaturepermissions-required |
| https://github.com/gitter-badger/ezpublish-modern… | patch |
| https://github.com/gitter-badger/ezpublish-modern… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| gitter-badger | ezpublish-modern-legacy |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:25.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.218951"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.218951"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ezpublish-modern-legacy",
"vendor": "gitter-badger",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in gitter-badger ezpublish-modern-legacy ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei kernel/user/forgotpassword.php. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5908d5ee65fec61ce0e321d586530461a210bf2a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.4,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T08:45:26.848Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.218951"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.218951"
},
{
"tags": [
"patch"
],
"url": "https://github.com/gitter-badger/ezpublish-modern-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/gitter-badger/ezpublish-modern-legacy/releases/tag/1.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-18T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-15T09:49:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10071",
"datePublished": "2023-01-19T09:22:37.907Z",
"dateReserved": "2023-01-18T20:46:09.036Z",
"dateUpdated": "2024-08-06T08:58:25.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22M3-C7VP-49FJ
Vulnerability from github – Published: 2026-03-04 20:33 – Updated: 2026-03-06 15:16Impact
An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it on the real IRRD instance to take over the account. A compromised account can then be used to modify RPSL objects maintained by the account's mntners and perform other account actions.
If the user had two-factor authentication configured, which is required for users with override access, an attacker is not able to log in, even after successfully resetting the password.
This issue affects IRRD 4.5.0 and all 4.4.x versions prior to 4.4.5. IRRD 4.3 and earlier are not affected, as they did not include the web UI.
Cause
Email links in account creation, password reset, and mntner migration emails were generated from the HTTP request context, allowing an attacker to manipulate the HTTP Host header to redirect these links to an attacker-controlled domain (password reset poisoning).
Resolution
Requests with a Host header that does not match server.http.url are now rejected, preventing Host header injection attacks against the web UI.
All existing password reset tokens are invalidated by this upgrade, rendering any tokens that may have been captured by an attacker unusable.
Patched versions: 4.4.5 and 4.5.1.
Workarounds
Configuring a reverse proxy (such as nginx) to reject requests where the Host header does not match the expected hostname is an effective workaround. Enabling two-factor authentication is strongly recommended for all users, as it prevents account takeover even if a password reset token is compromised.
Detecting exploitation
Because the victim never interacts with the real IRRD instance in this attack, it is difficult to detect exploitation from logs alone.
Indicators that an account was targeted or compromised:
- A
password reset email requestedfollowed bypassword (re)set successfullywhere the delay is longer than expected. Legitimate users actively waiting for a reset email tend to complete it quickly; victims who receive an unexpected email are less likely to click it immediately, resulting in a longer delay. - Users receiving a password reset mail without requesting one.
- If a successfully attacked user later attempts to log in with their original password, this appears in the logs as
user failed login due to invalid account or password.
After upgrading to a patched release, all existing password reset tokens are invalidated. Users who can still log in with their password after the upgrade can be certain their account has not been taken over.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "irrd"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "irrd"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0"
},
{
"fixed": "4.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28681"
],
"database_specific": {
"cwe_ids": [
"CWE-601",
"CWE-640"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T20:33:21Z",
"nvd_published_at": "2026-03-06T05:16:37Z",
"severity": "HIGH"
},
"details": "## Impact\n\nAn attacker can manipulate the HTTP `Host` header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it on the real IRRD instance to take over the account. A compromised account can then be used to modify RPSL objects maintained by the account\u0027s mntners and perform other account actions.\n\nIf the user had two-factor authentication configured, which is required for users with override access, an attacker is not able to log in, even after successfully resetting the password.\n\nThis issue affects IRRD 4.5.0 and all 4.4.x versions prior to 4.4.5. IRRD 4.3 and earlier are not affected, as they did not include the web UI.\n\n## Cause\n\nEmail links in account creation, password reset, and mntner migration emails were generated from the HTTP request context, allowing an attacker to manipulate the HTTP `Host` header to redirect these links to an attacker-controlled domain (password reset poisoning).\n\n## Resolution\n\nRequests with a `Host` header that does not match `server.http.url` are now rejected, preventing Host header injection attacks against the web UI.\n\nAll existing password reset tokens are invalidated by this upgrade, rendering any tokens that may have been captured by an attacker unusable.\n\nPatched versions: 4.4.5 and 4.5.1.\n\n## Workarounds\n\nConfiguring a reverse proxy (such as nginx) to reject requests where the `Host` header does not match the expected hostname is an effective workaround. Enabling two-factor authentication is strongly recommended for all users, as it prevents account takeover even if a password reset token is compromised.\n\n## Detecting exploitation\n\nBecause the victim never interacts with the real IRRD instance in this attack, it is difficult to detect exploitation from logs alone.\n\nIndicators that an account was targeted or compromised:\n\n- A `password reset email requested` followed by `password (re)set successfully` where the delay is longer than expected. Legitimate users actively waiting for a reset email tend to complete it quickly; victims who receive an unexpected email are less likely to click it immediately, resulting in a longer delay.\n- Users receiving a password reset mail without requesting one.\n- If a successfully attacked user later attempts to log in with their original password, this appears in the logs as `user failed login due to invalid account or password`.\n\nAfter upgrading to a patched release, all existing password reset tokens are invalidated. Users who can still log in with their password after the upgrade can be certain their account has not been taken over.",
"id": "GHSA-22m3-c7vp-49fj",
"modified": "2026-03-06T15:16:30Z",
"published": "2026-03-04T20:33:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/irrdnet/irrd/security/advisories/GHSA-22m3-c7vp-49fj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28681"
},
{
"type": "WEB",
"url": "https://github.com/irrdnet/irrd/commit/8408e0f1b9f47eb2f2e712d6153e32194df05fbb"
},
{
"type": "WEB",
"url": "https://github.com/irrdnet/irrd/commit/cf62df4a49d3891e80b2879d9b324d1af050000c"
},
{
"type": "PACKAGE",
"url": "https://github.com/irrdnet/irrd"
},
{
"type": "WEB",
"url": "https://irrd.readthedocs.io/en/stable/releases/4.4.5"
},
{
"type": "WEB",
"url": "https://irrd.readthedocs.io/en/stable/releases/4.5.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links"
}
GHSA-23J7-2RXW-3Q84
Vulnerability from github – Published: 2024-01-11 21:31 – Updated: 2024-01-11 21:31A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.
{
"affected": [],
"aliases": [
"CVE-2024-0425"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-11T20:15:44Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.",
"id": "GHSA-23j7-2rxw-3q84",
"modified": "2024-01-11T21:31:19Z",
"published": "2024-01-11T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0425"
},
{
"type": "WEB",
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.250444"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.250444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-246R-R2WF-FRHX
Vulnerability from github – Published: 2021-09-01 18:31 – Updated: 2021-09-03 15:58Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical identical vulnerabilities in Laravel projects that implement multi-tenant applications.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "akaunting/akaunting"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-36804"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-30T21:34:44Z",
"nvd_published_at": "2021-08-04T23:15:00Z",
"severity": "HIGH"
},
"details": "Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target\u0027s e-mail address. This issue was fixed in version 2.1.13 of the product. Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical identical vulnerabilities in Laravel projects that implement multi-tenant applications.",
"id": "GHSA-246r-r2wf-frhx",
"modified": "2021-09-03T15:58:46Z",
"published": "2021-09-01T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36804"
},
{
"type": "WEB",
"url": "https://github.com/laravel/laravel/pull/5477"
},
{
"type": "PACKAGE",
"url": "https://github.com/laravel/laravel"
},
{
"type": "WEB",
"url": "https://github.com/laravel/laravel/blob/75a7dba9c44ce3555cc57dd1826467839fd9774f/CHANGELOG.md#v844-2020-12-01"
},
{
"type": "WEB",
"url": "https://www.laravel-enlightn.com/docs/security/host-injection-analyzer.html"
},
{
"type": "WEB",
"url": "https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Malicious password-reset in Akaunting"
}
GHSA-252R-F55F-FF34
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2025-04-22 17:43MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0-rc.2"
},
{
"fixed": "1.3.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-7615"
],
"database_specific": {
"cwe_ids": [
"CWE-640"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-22T17:43:35Z",
"nvd_published_at": "2017-04-16T14:59:00Z",
"severity": "HIGH"
},
"details": "MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.",
"id": "GHSA-252r-f55f-ff34",
"modified": "2025-04-22T17:43:35Z",
"published": "2022-05-13T01:16:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7615"
},
{
"type": "PACKAGE",
"url": "https://github.com/mantisbt/mantisbt"
},
{
"type": "WEB",
"url": "https://mantisbt.org/bugs/view.php?id=22690"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41890"
},
{
"type": "WEB",
"url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/04/16/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97707"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "MantisBT allows arbitrary password reset"
}
Mitigation
Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Do not use standard weak security questions and use several security questions.
Mitigation
Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.