Common Weakness Enumeration

CWE-640

Allowed-with-Review

Weak Password Recovery Mechanism for Forgotten Password

Abstraction: Base · Status: Incomplete

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

393 vulnerabilities reference this CWE, most recent first.

GHSA-P55V-V4XM-JX95

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-20T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.",
  "id": "GHSA-p55v-v4xm-jx95",
  "modified": "2022-05-14T00:53:55Z",
  "published": "2022-05-14T00:53:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000812"
    },
    {
      "type": "WEB",
      "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
    },
    {
      "type": "WEB",
      "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fleetcaptain/integria-takeover"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P776-FV6R-6VH8

Vulnerability from github – Published: 2025-07-07 18:32 – Updated: 2025-07-08 18:31
VLAI
Details

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-07T16:15:23Z",
    "severity": "CRITICAL"
  },
  "details": "JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.",
  "id": "GHSA-p776-fv6r-6vh8",
  "modified": "2025-07-08T18:31:22Z",
  "published": "2025-07-07T18:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43932"
    },
    {
      "type": "WEB",
      "url": "https://github.com/guomaoqiu/JobCenter/issues/18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9H2-45X3-Q6PJ

Vulnerability from github – Published: 2023-11-11 09:30 – Updated: 2024-04-09 09:31
VLAI
Details

A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-11T09:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-p9h2-45x3-q6pj",
  "modified": "2024-04-09T09:31:09Z",
  "published": "2023-11-11T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5959"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Changboqian/cve/blob/main/reset_password_improperly.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.244992"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.244992"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.232562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCH6-CP5C-RVH9

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2024-06-05 06:30
VLAI
Details

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-24T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.",
  "id": "GHSA-pch6-cp5c-rvh9",
  "modified": "2024-06-05T06:30:39Z",
  "published": "2022-05-24T17:21:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14016"
    },
    {
      "type": "WEB",
      "url": "https://blog.sean-wright.com/navigate-cms"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/204.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF5R-8Q35-XV4W

Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-02-04 00:00
VLAI
Details

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-28T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.",
  "id": "GHSA-pf5r-8q35-xv4w",
  "modified": "2022-02-04T00:00:43Z",
  "published": "2022-01-29T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27654"
    },
    {
      "type": "WEB",
      "url": "https://collaborate.pega.com/discussion/pega-security-advisory-c21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PH6G-6V8W-8P6M

Vulnerability from github – Published: 2023-04-28 15:30 – Updated: 2023-05-01 14:00
VLAI
Summary
Missing rate limit for password resets
Details

Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/concrete5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-01T14:00:32Z",
    "nvd_published_at": "2023-04-28T14:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.",
  "id": "GHSA-ph6g-6v8w-8p6m",
  "modified": "2023-05-01T14:00:32Z",
  "published": "2023-04-28T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28821"
    },
    {
      "type": "WEB",
      "url": "https://github.com/concretecms/concretecms/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing rate limit for password resets"
}

GHSA-PHF3-PR25-C9C3

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:09
VLAI
Details

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-07T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim\u0027s account (e.g., via XSS or an unattended workstation) to change that password and address.",
  "id": "GHSA-phf3-pr25-c9c3",
  "modified": "2024-04-04T02:09:56Z",
  "published": "2022-05-24T16:58:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15749"
    },
    {
      "type": "WEB",
      "url": "https://www.contextis.com/en/resources/advisories/cve-2019-15749"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHMH-5XPR-C83F

Vulnerability from github – Published: 2022-05-14 03:21 – Updated: 2025-05-30 18:30
VLAI
Details

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-25T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.",
  "id": "GHSA-phmh-5xpr-c83f",
  "modified": "2025-05-30T18:30:33Z",
  "published": "2022-05-14T03:21:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10210"
    },
    {
      "type": "WEB",
      "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-10210"
    },
    {
      "type": "WEB",
      "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJFH-CCG3-6463

Vulnerability from github – Published: 2024-05-02 18:30 – Updated: 2024-07-03 18:38
VLAI
Details

In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33530"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-02T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.",
  "id": "GHSA-pjfh-ccg3-6463",
  "modified": "2024-07-03T18:38:44Z",
  "published": "2024-05-02T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33530"
    },
    {
      "type": "WEB",
      "url": "https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMMP-296P-3P5G

Vulnerability from github – Published: 2023-06-30 21:30 – Updated: 2024-04-04 05:19
VLAI
Details

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-30T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "The Malwarebytes EDR 1.0.11 for Linux driver doesn\u0027t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.",
  "id": "GHSA-pmmp-296p-3p5g",
  "modified": "2024-04-04T05:19:10Z",
  "published": "2023-06-30T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29145"
    },
    {
      "type": "WEB",
      "url": "https://malwarebytes.com"
    },
    {
      "type": "WEB",
      "url": "https://www.malwarebytes.com/secure/cves/cve-2023-29145"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.

Mitigation
Architecture and Design

Do not use standard weak security questions and use several security questions.

Mitigation
Architecture and Design

Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.

Mitigation
Architecture and Design

Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.

Mitigation
Architecture and Design

Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.

Mitigation
Architecture and Design

Assign a new temporary password rather than revealing the original password.

CAPEC-50: Password Recovery Exploitation

An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.