Check CVE Id
Check CWE Id
Sorry. No results for Bugtraq WLB2
CVEMAP Search Results
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
Cms made simple
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.
Cis-cat pro ...
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
389-ds-base version before 184.108.40.206 and 220.127.116.11 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
Back to Top