CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-640

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-15749 640 XSS 2019-10-07 2019-10-08
4.3
None Remote Medium Not required None Partial None
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.
2 CVE-2019-14955 640 2019-10-01 2019-10-08
5.0
None Remote Low Not required None Partial None
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
3 CVE-2019-13240 640 2019-07-10 2019-07-17
4.3
None Remote Medium Not required Partial None None
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
4 CVE-2019-12943 640 2019-09-10 2019-09-12
2.6
None Remote High Not required Partial None None
TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.
5 CVE-2019-11414 640 2019-04-22 2019-04-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
6 CVE-2019-11393 640 2019-04-22 2019-04-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
7 CVE-2019-10641 640 2019-04-17 2019-04-19
5.0
None Remote Low Not required None Partial None
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
8 CVE-2019-10270 640 2019-06-21 2019-06-24
4.0
None Remote Low Single system None Partial None
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and the user_id parameter) to reset the password of another user. One only needs to know the user_id, which is publicly available. One just has to intercept the password modification request and modify user_id. It is possible to modify the passwords for any users or admin WordPress Ultimate Members. This could lead to account compromise and privilege escalation.
9 CVE-2019-3787 640 2019-06-19 2019-10-10
4.3
None Remote Medium Not required Partial None None
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
10 CVE-2018-1000812 640 2018-12-20 2019-08-15
4.3
None Remote Medium Not required Partial None None
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.
11 CVE-2018-1000554 640 2018-06-26 2018-08-17
5.0
None Remote Low Not required Partial None None
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.
12 CVE-2018-1000501 640 2018-06-26 2018-08-30
7.5
None Remote Low Not required Partial Partial Partial
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3.
13 CVE-2018-19488 640 2019-03-21 2019-04-01
7.5
None Remote Low Not required Partial Partial Partial
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
14 CVE-2018-17881 640 2018-10-03 2018-12-17
5.0
None Remote Low Not required None Partial None
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
15 CVE-2018-17401 640 2018-09-23 2018-11-08
4.3
None Remote Medium Not required Partial None None
** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots.
16 CVE-2018-16988 640 Bypass 2019-05-02 2019-05-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
17 CVE-2018-16529 640 2019-03-28 2019-10-09
5.0
None Remote Low Not required Partial None None
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
18 CVE-2018-12579 640 2018-08-20 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts.
19 CVE-2018-12421 640 2018-06-14 2018-08-10
5.0
None Remote Low Not required Partial None None
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
20 CVE-2018-12315 640 2018-12-04 2019-10-02
4.0
None Remote Low Single system None Partial None
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
21 CVE-2018-11134 640 2018-05-31 2018-06-29
9.0
None Remote Low Single system Complete Complete Complete
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
22 CVE-2018-10210 640 2018-04-25 2018-05-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
23 CVE-2018-10081 640 2018-04-13 2018-04-17
5.0
None Remote Low Not required Partial None None
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
24 CVE-2018-8916 640 2018-06-08 2019-10-09
4.0
None Remote Low Single system Partial None None
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
25 CVE-2018-7811 640 2018-11-30 2019-10-02
5.0
None Remote Low Not required None Partial None
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server
26 CVE-2018-7809 640 2018-11-30 2018-12-28
6.4
None Remote Low Not required None Partial Partial
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.
27 CVE-2018-0787 640 2018-03-14 2018-04-11
6.8
None Remote Medium Not required Partial Partial Partial
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
28 CVE-2017-1000141 640 2018-01-30 2018-06-13
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
29 CVE-2017-17097 640 2018-01-02 2018-01-18
5.0
None Remote Low Not required Partial None None
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
30 CVE-2017-14005 640 2017-10-17 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.
31 CVE-2017-12851 640 2017-08-14 2017-08-24
4.0
None Remote Low Single system Partial None None
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
32 CVE-2017-12850 640 2017-08-14 2017-08-24
4.0
None Remote Low Single system Partial None None
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
33 CVE-2017-12161 640 2018-02-21 2019-10-09
4.3
None Remote Medium Not required Partial None None
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.
34 CVE-2017-8916 640 2018-01-31 2018-02-24
4.6
None Local Low Not required Partial Partial Partial
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
35 CVE-2017-8613 640 +Priv 2017-06-29 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
36 CVE-2017-8385 640 2017-05-01 2017-05-11
5.0
None Remote Low Not required None Partial None
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
37 CVE-2017-8295 640 2017-05-04 2017-11-03
4.3
None Remote Medium Not required None Partial None
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
38 CVE-2017-7731 640 2017-05-26 2017-05-31
5.0
None Remote Low Not required Partial None None
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
39 CVE-2017-7629 640 2017-06-15 2017-06-22
5.0
None Remote Low Not required None Partial None
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
40 CVE-2017-7615 640 2017-04-16 2017-08-15
6.5
None Remote Low Single system Partial Partial Partial
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
41 CVE-2017-7551 640 2017-08-16 2018-01-04
5.0
None Remote Low Not required Partial None None
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
42 CVE-2017-5594 640 2017-01-25 2017-09-01
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
43 CVE-2017-2766 640 2017-02-03 2017-03-09
7.5
None Remote Low Not required Partial Partial Partial
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
44 CVE-2017-2614 640 2018-07-27 2019-10-09
2.1
None Local Low Not required None Partial None
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
45 CVE-2017-0921 640 2018-07-03 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
46 CVE-2016-8716 640 2017-04-12 2017-04-20
3.3
None Local Network Low Not required Partial None None
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.
47 CVE-2016-7038 640 2017-01-20 2017-01-25
5.0
None Remote Low Not required Partial None None
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
48 CVE-2016-5997 640 2016-09-26 2016-11-28
4.0
None Remote Low Single system None Partial None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
49 CVE-2016-5996 640 2016-09-26 2016-11-28
5.0
None Remote Low Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.
50 CVE-2016-2349 640 2016-12-21 2017-07-26
5.0
None Remote Low Not required None Partial None
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
Total number of vulnerabilities : 55   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.