Monthly
Unauthenticated password reset takeover in Chamilo LMS 1.11.x (prior to 1.11.38) and 2.0.0-RC versions (prior to RC.3) allows remote attackers to hijack arbitrary user accounts by computing deterministic reset tokens. The vulnerability stems from insecure token generation using sha1($email) without randomization, expiration, or rate limiting. Attackers knowing a target's email address can directly calculate valid password reset tokens and change account credentials without prior authentication, enabling full account takeover with high confidentiality and integrity impact. No public exploit identified at time of analysis.
The Membership Plugin - Restrict Content for WordPress contains an unvalidated redirect vulnerability in the 'rcp_redirect' parameter that allows unauthenticated attackers to redirect users to arbitrary external sites via password reset emails. Affected versions include all releases up to and including 3.2.24. This vulnerability has a CVSS score of 4.3 (low-to-moderate severity) and requires user interaction, limiting its immediate exploitation impact but creating a viable phishing vector for credential harvesting or malware distribution.
A product has an access control flaw allowing activation token reuse on the password-reset endpoint for unauthorized account takeover.
Password reset poisoning in Statamic CMS before 6.3.3/5.73.10 allows attackers to steal password reset tokens by manipulating the Host header in reset requests. Patch available.
A security flaw has been discovered in funadmin up to 7.1.0-rc4. The issue affects the function repass of the file app/frontend/controller/Member.php. Manipulating the argument forget_code/vercode results in weak password recovery. Remote exploitation is possible. The attack's complexity is rated as high, and exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about...
Intelbras VIP 3260 Z IA devices running firmware 2.840.00IB005.0.T contain a weak password recovery mechanism in the /OutsideCmd functionality that allows remote attackers with high technical sophistication to potentially compromise authentication controls. The vulnerability carries a CVSS score of 8.1 and currently lacks a patch, requiring organizations to implement compensating controls or consider alternative solutions until remediation is available.
Avideo versions up to 8.1 are affected by a weak password recovery mechanism for forgotten passwords (CVSS 5.3).
macrozheng mall e-commerce platform v1.0.3 has an authentication vulnerability in password reset enabling unauthorized account takeover.
Operation And Maintenance Security Management System versions up to 3.0.12 are affected by a weak password recovery mechanism for forgotten passwords (CVSS 5.3).
Beehive Forum 1.5.2 has host header injection in the forgot password function that allows intercepting password reset tokens. PoC available.