CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
GHSA-69Q5-9Q88-37JM
Vulnerability from github – Published: 2025-04-24 09:30 – Updated: 2026-04-08 21:33The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2025-3607"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T09:15:31Z",
"severity": "HIGH"
},
"details": "The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user\u0027s identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account.",
"id": "GHSA-69q5-9q88-37jm",
"modified": "2026-04-08T21:33:04Z",
"published": "2025-04-24T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3607"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-lost-password.php#L115"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3325911/#file10"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3325911/#file35"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6F58-J323-6472
Vulnerability from github – Published: 2023-10-31 22:23 – Updated: 2025-11-10 21:56Impact
As old password can be set as new password , it is considered as password policy violation.
Pimcore is not enforcing strict password policy which allow attacker to set old password as new password
Proof of Concept 1. Go to Admin link 2. login and click on -> "User | My Profile". 3. Go to change password now put old password as new password and click save.
Patches
https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch
Workarounds
Update to version 1.2.0 or apply this patches manually https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch
References
https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pimcore/admin-ui-classic-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-RC1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-5844"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-620"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-31T22:23:18Z",
"nvd_published_at": "2023-10-30T11:15:39Z",
"severity": "MODERATE"
},
"details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -\u003e \"User | My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/",
"id": "GHSA-6f58-j323-6472",
"modified": "2025-11-10T21:56:15Z",
"published": "2023-10-31T22:23:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-6f58-j323-6472"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5844"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
},
{
"type": "PACKAGE",
"url": "https://github.com/pimcore/admin-ui-classic-bundle"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "pimcore/admin-ui-classic-bundle Unverified Password Change"
}
GHSA-6GJ4-63C6-7CG5
Vulnerability from github – Published: 2025-05-12 06:30 – Updated: 2025-05-12 06:30The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
{
"affected": [],
"aliases": [
"CVE-2025-4558"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-12T04:15:35Z",
"severity": "CRITICAL"
},
"details": "The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user\u0027s password and use the modified password to log into the system.",
"id": "GHSA-6gj4-63c6-7cg5",
"modified": "2025-05-12T06:30:32Z",
"published": "2025-05-12T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4558"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6RQ7-6R98-39FR
Vulnerability from github – Published: 2025-01-20 15:31 – Updated: 2025-01-20 15:31IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.
{
"affected": [],
"aliases": [
"CVE-2024-45647"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-20T15:15:07Z",
"severity": "MODERATE"
},
"details": "IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password.",
"id": "GHSA-6rq7-6r98-39fr",
"modified": "2025-01-20T15:31:24Z",
"published": "2025-01-20T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45647"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176212"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6W7X-R67F-JR7G
Vulnerability from github – Published: 2024-10-30 15:30 – Updated: 2024-10-30 15:30The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.
{
"affected": [],
"aliases": [
"CVE-2024-33699"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-30T14:15:07Z",
"severity": "CRITICAL"
},
"details": "The LevelOne WBR-6012 router\u0027s web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.",
"id": "GHSA-6w7x-r67f-jr7g",
"modified": "2024-10-30T15:30:46Z",
"published": "2024-10-30T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33699"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-738G-29RJ-2MJW
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.
{
"affected": [],
"aliases": [
"CVE-2025-11235"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:16:46Z",
"severity": "LOW"
},
"details": "Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.",
"id": "GHSA-738g-29rj-2mjw",
"modified": "2026-01-07T12:31:19Z",
"published": "2026-01-07T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11235"
},
{
"type": "WEB",
"url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2023_1/page/Fixed-Issues-in-2023.1.3.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-787X-8WCQ-JHQ8
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password
{
"affected": [],
"aliases": [
"CVE-2025-59808"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:55Z",
"severity": "MODERATE"
},
"details": "An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim\u0027s user account to reset the account credentials without being prompted for the account\u0027s password",
"id": "GHSA-787x-8wcq-jhq8",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59808"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-599"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-79VC-RC2R-M8RF
Vulnerability from github – Published: 2026-07-09 15:32 – Updated: 2026-07-09 15:32A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2026-54801"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-09T15:16:36Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.",
"id": "GHSA-79vc-rc2r-m8rf",
"modified": "2026-07-09T15:32:34Z",
"published": "2026-07-09T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54801"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7H8M-Q77P-V3XR
Vulnerability from github – Published: 2025-05-12 00:30 – Updated: 2025-05-12 00:30A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-4552"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-12T00:15:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-7h8m-q77p-v3xr",
"modified": "2025-05-12T00:30:33Z",
"published": "2025-05-12T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4552"
},
{
"type": "WEB",
"url": "https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#21dev-apisystemuser1password-only-assigning-password-reset-permission-can-reset-the-super-administrator-password"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.308299"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.308299"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.567572"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7M8M-72M7-5VCC
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request.
This issue affects :
- Devolutions Server 2026.1.6.0 through 2026.1.16.0
- Devolutions Server 2025.3.20.0 and earlier
{
"affected": [],
"aliases": [
"CVE-2026-9249"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-22T16:16:25Z",
"severity": "LOW"
},
"details": "Unverified password change in Devolutions Server allows an attacker to change a user\u0027s password without providing the previous one via a crafted password change request.\n\nThis issue affects :\n\n * Devolutions Server 2026.1.6.0 through 2026.1.16.0\n * Devolutions Server 2025.3.20.0 and earlier",
"id": "GHSA-7m8m-72m7-5vcc",
"modified": "2026-05-26T13:30:19Z",
"published": "2026-05-26T13:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9249"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2026-0013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.