Common Weakness Enumeration

CWE-640

Allowed-with-Review

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base · Status: Incomplete

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

393 vulnerabilities reference this CWE, most recent first.

GHSA-F3CP-F6PH-XXHJ

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28
VLAI
Details

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-04T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In all versions of GitLab CE/EE, an attacker with physical access to a user\u2019s machine may brute force the user\u2019s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.",
  "id": "GHSA-f3cp-f6ph-xxhj",
  "modified": "2022-05-24T22:28:35Z",
  "published": "2022-05-24T22:28:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39899"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F3W6-R2G2-VX25

Vulnerability from github – Published: 2025-12-15 03:30 – Updated: 2025-12-15 03:30
VLAI
Details

A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-15T02:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-f3w6-r2g2-vx25",
  "modified": "2025-12-15T03:30:18Z",
  "published": "2025-12-15T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14696"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1#issue-3688839620"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.336414"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.336414"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.705601"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F473-4GX3-59RW

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-05T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.",
  "id": "GHSA-f473-4gx3-59rw",
  "modified": "2022-05-24T17:30:06Z",
  "published": "2022-05-24T17:30:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26061"
    },
    {
      "type": "WEB",
      "url": "https://github.com/missing0x00/CVE-2020-26061"
    },
    {
      "type": "WEB",
      "url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FCC4-FHGG-298H

Vulnerability from github – Published: 2022-05-14 01:38 – Updated: 2022-05-14 01:38
VLAI
Details

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-21T07:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.",
  "id": "GHSA-fcc4-fhgg-298h",
  "modified": "2022-05-14T01:38:22Z",
  "published": "2022-05-14T01:38:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17298"
    },
    {
      "type": "WEB",
      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=4050b0aafd18346d9a6a06967bfb1170824dab17"
    },
    {
      "type": "WEB",
      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=b87d3b807f39c00371ebaa50f938cb0110113538"
    },
    {
      "type": "WEB",
      "url": "https://tuleap.net/plugins/tracker/?aid=12219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCHW-39VQ-2WVV

Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57
VLAI
Details

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-14T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.",
  "id": "GHSA-fchw-39vq-2wvv",
  "modified": "2022-05-17T01:57:51Z",
  "published": "2022-05-17T01:57:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12850"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCMX-4FPP-MG5Q

Vulnerability from github – Published: 2025-11-23 21:30 – Updated: 2025-11-23 21:30
VLAI
Details

A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-23T19:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
  "id": "GHSA-fcmx-4fpp-mg5q",
  "modified": "2025-11-23T21:30:32Z",
  "published": "2025-11-23T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13565"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.333329"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.333329"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.697984"
    },
    {
      "type": "WEB",
      "url": "https://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FCV8-P4GW-6X4X

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32
VLAI
Details

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T05:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.",
  "id": "GHSA-fcv8-p4gw-6x4x",
  "modified": "2022-05-24T17:32:35Z",
  "published": "2022-05-24T17:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27179"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2020/Oct/28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FGMJ-4XC2-M385

Vulnerability from github – Published: 2022-05-17 02:56 – Updated: 2022-05-17 02:56
VLAI
Details

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-03T07:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.",
  "id": "GHSA-fgmj-4xc2-m385",
  "modified": "2022-05-17T02:56:02Z",
  "published": "2022-05-17T02:56:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2766"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/540077/30/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95893"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ36-8FJ3-C7Q3

Vulnerability from github – Published: 2021-11-20 00:00 – Updated: 2021-11-23 00:00
VLAI
Details

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-19T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.",
  "id": "GHSA-fj36-8fj3-c7q3",
  "modified": "2021-11-23T00:00:54Z",
  "published": "2021-11-20T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44037"
    },
    {
      "type": "WEB",
      "url": "https://teampasswordmanager.com/docs/changelog/#10.135.236"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-060.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FJ69-P8F6-Q97H

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-02-28 18:38
VLAI
Summary
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Details

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-3189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-28T18:38:31Z",
    "nvd_published_at": "2017-05-25T17:29:00Z",
    "severity": "LOW"
  },
  "details": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.",
  "id": "GHSA-fj69-p8f6-q97h",
  "modified": "2024-02-28T18:38:31Z",
  "published": "2022-05-13T01:07:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3189"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/a79b89f6e4f66626914b029b7a15a423491f8013"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudfoundry/uaa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commits/2.2.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/compare/2.2.4...2.2.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/compare/2.2.5...2.2.6"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2015-3189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password"
}

Mitigation
Architecture and Design

Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.

Mitigation
Architecture and Design

Do not use standard weak security questions and use several security questions.

Mitigation
Architecture and Design

Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.

Mitigation
Architecture and Design

Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.

Mitigation
Architecture and Design

Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.

Mitigation
Architecture and Design

Assign a new temporary password rather than revealing the original password.

CAPEC-50: Password Recovery Exploitation

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.