CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
GHSA-Q45P-9X4J-2GJF
Vulnerability from github – Published: 2024-07-05 18:34 – Updated: 2024-07-08 15:31An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.
{
"affected": [],
"aliases": [
"CVE-2024-27715"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-05T17:15:11Z",
"severity": "HIGH"
},
"details": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.",
"id": "GHSA-q45p-9x4j-2gjf",
"modified": "2024-07-08T15:31:55Z",
"published": "2024-07-05T18:34:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27715"
},
{
"type": "WEB",
"url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q5Q5-QR9G-74CH
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
{
"affected": [],
"aliases": [
"CVE-2024-21757"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T16:15:08Z",
"severity": "MODERATE"
},
"details": "A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.",
"id": "GHSA-q5q5-qr9g-74ch",
"modified": "2024-08-13T18:31:15Z",
"published": "2024-08-13T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21757"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q8F4-3C5X-8GV3
Vulnerability from github – Published: 2025-05-12 18:31 – Updated: 2025-05-12 18:31An authenticated user attempting to change their password could do so without using the current password.
{
"affected": [],
"aliases": [
"CVE-2025-46748"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-12T17:15:48Z",
"severity": "LOW"
},
"details": "An authenticated user attempting to change their password could do so without using the current password.",
"id": "GHSA-q8f4-3c5x-8gv3",
"modified": "2025-05-12T18:31:48Z",
"published": "2025-05-12T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46748"
},
{
"type": "WEB",
"url": "https://selinc.com/products/software/latest-software-versions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5MP-Q6W8-MRH9
Vulnerability from github – Published: 2025-02-18 09:32 – Updated: 2025-02-18 09:32The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2024-12860"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T09:15:08Z",
"severity": "CRITICAL"
},
"details": "The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user\u0027s password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account.",
"id": "GHSA-r5mp-q6w8-mrh9",
"modified": "2025-02-18T09:32:45Z",
"published": "2025-02-18T09:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12860"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1043dce-628f-485b-bc1c-b78938c2a6f5?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R95M-RM59-P2HP
Vulnerability from github – Published: 2025-06-27 09:31 – Updated: 2025-06-27 09:31The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2024-12827"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-27T09:15:24Z",
"severity": "CRITICAL"
},
"details": "The DWT - Directory \u0026 Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user\u0027s password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account.",
"id": "GHSA-r95m-rm59-p2hp",
"modified": "2025-06-27T09:31:19Z",
"published": "2025-06-27T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12827"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/dwt-listing-directory-listing-wordpress-theme/21976132"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51fc7d47-2a0f-4713-9859-120321aa32dc?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RP56-X26J-363P
Vulnerability from github – Published: 2024-07-22 15:32 – Updated: 2024-07-22 15:32A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.
{
"affected": [],
"aliases": [
"CVE-2024-37998"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-22T14:15:05Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.",
"id": "GHSA-rp56-x26j-363p",
"modified": "2024-07-22T15:32:40Z",
"published": "2024-07-22T15:32:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37998"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-V6HH-XJMV-MXF7
Vulnerability from github – Published: 2025-04-22 00:30 – Updated: 2025-04-22 00:30A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-3849"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T00:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-v6hh-xjmv-mxf7",
"modified": "2025-04-22T00:30:31Z",
"published": "2025-04-22T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3849"
},
{
"type": "WEB",
"url": "https://github.com/YXJ2018/SpringBoot-Vue-OnlineExam/issues/74"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.305776"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.305776"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.556283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VR7M-2734-5H7W
Vulnerability from github – Published: 2025-10-23 15:30 – Updated: 2025-10-23 18:31A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
{
"affected": [],
"aliases": [
"CVE-2025-61132"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-23T15:15:44Z",
"severity": "HIGH"
},
"details": "A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask\u0027s url_for(_external=True) generates reset links without a fixed SERVER_NAME.",
"id": "GHSA-vr7m-2734-5h7w",
"modified": "2025-10-23T18:31:14Z",
"published": "2025-10-23T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61132"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1FmkctLdOTGMdy6GgLaTzfxemdVDeiA7J/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://gist.github.com/BrookeYangRui/94c3bee0c2cbc1ed81a21d4448550c21"
},
{
"type": "WEB",
"url": "https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/auth/views.py#L131-L148"
},
{
"type": "WEB",
"url": "https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/templates/auth/email/reset_password.html#L1-L8"
},
{
"type": "WEB",
"url": "https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W45M-H9P7-X2WF
Vulnerability from github – Published: 2025-06-16 00:31 – Updated: 2026-01-08 21:30A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-6097"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-16T00:15:18Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in UTT \u8fdb\u53d6 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-w45m-h9p7-x2wf",
"modified": "2026-01-08T21:30:28Z",
"published": "2025-06-16T00:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6097"
},
{
"type": "WEB",
"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md"
},
{
"type": "WEB",
"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.312566"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.312566"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.589425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W84W-59G8-PMG9
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request
{
"affected": [],
"aliases": [
"CVE-2024-48887"
],
"database_specific": {
"cwe_ids": [
"CWE-620"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T17:15:34Z",
"severity": "CRITICAL"
},
"details": "A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request",
"id": "GHSA-w84w-59g8-pmg9",
"modified": "2025-04-08T18:34:42Z",
"published": "2025-04-08T18:34:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48887"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-435"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.