Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-640
Total 121 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000554 1 Trovebox 1 Trovebox 2018-08-17 5.0 MEDIUM 9.8 CRITICAL
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.
CVE-2018-12421 1 Ltb-project 1 Ldap Tool Box Self Service Password 2018-08-10 5.0 MEDIUM 9.8 CRITICAL
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.
CVE-2018-11134 1 Quest 1 Kace System Management Appliance 2018-06-29 9.0 HIGH 8.8 HIGH
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
CVE-2017-1000141 1 Mahara 1 Mahara 2018-06-13 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
CVE-2018-10210 1 Vaultize 1 Enterprise File Sharing 2018-05-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
CVE-2014-6412 1 Wordpress 1 Wordpress 2018-05-17 5.0 MEDIUM 8.1 HIGH
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2018-10081 1 Cmsmadesimple 1 Cms Made Simple 2018-04-17 5.0 MEDIUM 9.8 CRITICAL
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
CVE-2018-0787 1 Microsoft 1 Asp.net Core 2018-04-11 6.8 MEDIUM 8.8 HIGH
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2017-8916 1 Cisecurity 1 Cis-cat Pro Dashboard 2018-02-24 4.6 MEDIUM 7.8 HIGH
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
CVE-2017-17097 1 Gps-server 1 Gps Tracking Software 2018-01-18 5.0 MEDIUM 9.8 CRITICAL
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
CVE-2017-8295 1 Wordpress 1 Wordpress 2017-11-03 4.3 MEDIUM 5.9 MEDIUM
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
CVE-2015-7257 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2017-08-29 8.5 HIGH 7.5 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
CVE-2017-12851 1 Kanboard 1 Kanboard 2017-08-24 4.0 MEDIUM 8.8 HIGH
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVE-2017-12850 1 Kanboard 1 Kanboard 2017-08-24 4.0 MEDIUM 8.8 HIGH
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVE-2016-2349 1 Bmc 1 Remedy Action Request System 2017-07-26 5.0 MEDIUM 7.5 HIGH
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
CVE-2017-7629 1 Qnap 1 Qts 2017-06-22 5.0 MEDIUM 7.5 HIGH
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVE-2017-7731 1 Fortinet 1 Fortiportal 2017-05-31 5.0 MEDIUM 7.5 HIGH
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
CVE-2017-8385 1 Craftcms 1 Craft Cms 2017-05-11 5.0 MEDIUM 5.3 MEDIUM
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
CVE-2017-2766 1 Emc 1 Documentum Eroom 2017-03-09 7.5 HIGH 9.8 CRITICAL
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2016-5996 1 Ibm 1 Tealeaf Customer Experience 2016-11-28 5.0 MEDIUM 7.5 HIGH
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not enforce password-length restrictions, which makes it easier for remote attackers to obtain access via a brute-force attack.