CWE-620 (Unverified Password Change) — Vulnerability Class 68

68 vulnerabilities classified as CWE-620 (Unverified Password Change). AI Chinese analysis included.

CWE-620 represents a critical authentication weakness where software allows password modifications without verifying the user’s current identity. This flaw typically arises when applications accept new credentials based solely on a username or session token, bypassing the requirement for the original password or multi-factor authentication. Attackers exploit this vulnerability by intercepting valid user sessions or manipulating requests to reset passwords for other accounts, thereby gaining unauthorized access to sensitive data and elevated privileges. To mitigate this risk, developers must enforce strict verification protocols during password changes. This includes requiring the current password, implementing time-limited reset tokens sent via secure channels, and validating session integrity. By ensuring that only the legitimate account holder can authorize changes, organizations effectively prevent account takeover attacks and maintain robust user authentication standards.

MITRE CWE Description
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.
Common Consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Mitigations (2)
Architecture and Design: When prompting for a password change, force the user to provide the original password in addition to the new password.
Architecture and Design: Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
Examples (1)
This code changes a user's password.
<?php
// Vulnerable: the target account and the new password both come straight from the
// request; neither the caller's identity nor the existing password is ever checked.
$user = $_GET['user'];
$pass = $_GET['pass'];
$checkpass = $_GET['checkpass'];
if ($pass == $checkpass) {
    SetUserPassword($user, $pass);
}
Bad · PHP
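A hardened counterpart to the snippet above, covering both mitigations listed earlier (current-password check on change, and a time-limited single-use token for "forgotten password"). This is an added example written for this page; it is not MITRE's code and not taken from any product in the table below. The `PasswordStore` class, the in-memory maps, the `$session` array and the sample account are all assumptions made for the example.

```php
<?php
// Added example for this page (not MITRE's code and not from any listed product).
// Assumptions: users are kept in an in-memory store, the logged-in user is taken
// from a session array, and reset tokens are delivered out of band by the caller.
declare(strict_types=1);

final class PasswordStore
{
    /** @var array<string, string> username => password_hash() output */
    private array $hashes = [];
    /** @var array<string, string> username => recovery e-mail on file */
    private array $recoveryEmail = [];
    /** @var array<string, array{user: string, expires: int}> sha256(token) => entry */
    private array $resetTokens = [];

    public function register(string $user, string $password, string $email): void
    {
        $this->hashes[$user] = password_hash($password, PASSWORD_DEFAULT);
        $this->recoveryEmail[$user] = $email;
    }

    public function verify(string $user, string $password): bool
    {
        // password_verify() compares in constant time; unknown users simply fail.
        return isset($this->hashes[$user]) && password_verify($password, $this->hashes[$user]);
    }

    // Mitigation 1: the account comes from the authenticated session, never from
    // the request, and the caller must prove knowledge of the current password.
    public function changePassword(array $session, string $current, string $new, string $confirm): bool
    {
        $user = $session['user'] ?? null;
        if ($user === null || !hash_equals($new, $confirm) || !$this->verify($user, $current)) {
            return false;
        }
        $this->hashes[$user] = password_hash($new, PASSWORD_DEFAULT);
        return true;
    }

    // The recovery address is identity information: it is locked behind the
    // current password as well, so a hijacked session cannot redirect resets.
    public function changeRecoveryEmail(array $session, string $current, string $newEmail): bool
    {
        $user = $session['user'] ?? null;
        if ($user === null || !$this->verify($user, $current)) {
            return false;
        }
        $this->recoveryEmail[$user] = $newEmail;
        return true;
    }

    // Mitigation 2: "forgotten password" issues a random, single-use, time-limited
    // token. Only its hash is stored, and the returned value must go only to the
    // address on file; the HTTP response to the requester reveals nothing.
    public function issueResetToken(string $user, int $ttlSeconds = 900): ?array
    {
        if (!isset($this->hashes[$user])) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        $this->resetTokens[hash('sha256', $token)] = [
            'user'    => $user,
            'expires' => time() + $ttlSeconds,
        ];
        return ['to' => $this->recoveryEmail[$user], 'token' => $token];
    }

    public function resetWithToken(string $token, string $new, string $confirm): bool
    {
        $key   = hash('sha256', $token);
        $entry = $this->resetTokens[$key] ?? null;
        unset($this->resetTokens[$key]);            // single use, consumed even on failure
        if ($entry === null || $entry['expires'] < time() || !hash_equals($new, $confirm)) {
            return false;
        }
        $this->hashes[$entry['user']] = password_hash($new, PASSWORD_DEFAULT);
        return true;
    }
}

// Usage with constructed data (no real account):
$store = new PasswordStore();
$store->register('alice', 'old-secret', 'alice@example.invalid');
$session = ['user' => 'alice'];

var_dump($store->changePassword($session, 'wrong-guess', 'new-secret', 'new-secret'));
var_dump($store->changePassword($session, 'old-secret', 'new-secret', 'new-secret'));
var_dump($store->verify('alice', 'new-secret'));

$mail = $store->issueResetToken('alice');            // send $mail['token'] to $mail['to']
var_dump($store->resetWithToken($mail['token'], 'reset-secret', 'reset-secret'));
var_dump($store->resetWithToken($mail['token'], 'again', 'again'));   // same token a second time
```

The two points worth checking in a code review of any password-change handler are visible here: the account being modified is derived from the session, not from a request parameter, and the reset token is only ever compared by hash and discarded on first use, so a token that leaks from a log or a mailbox after it has been used is worthless.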
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-42084 | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | cosmos | 8.1 | High | 2026-05-04
CVE-2026-40588 | blueprintUE: Authenticated Password Change Does Not Verify Current Password | blueprintue-self-hosted-edition | 8.1 | High | 2026-04-21
CVE-2019-25653 | Navicat for Oracle 12.1.15 Password Field Denial of Service | Navicat for Oracle | 6.2 | Medium | 2026-03-30
CVE-2026-27757 | SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change | SODOLA SL902-SWTGW124AS | 7.1 | High | 2026-02-27
CVE-2026-24443 | EventSentry < 6.0.1.20 Web Reports Unverified Password Change | EventSentry | 8.8 | - | 2026-02-24
CVE-2026-2543 | vichan-devel vichan Password Change pages.php unverified password change | vichan | 2.7 | Low | 2026-02-16
CVE-2026-24440 | Tenda W30E V2 Allows Password Changes Without Verifying Current Password | W30E V2 | 9.1 (AI) | Critical (AI) | 2026-01-26
CVE-2025-14751 | Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service | cMT3072XH | 8.8 (AI) | High (AI) | 2026-01-22
CVE-2025-11235 | MOVEit Transfer REST API does not require current password in order to initiate the password change process | MOVEit Transfer | 3.7 | Low | 2026-01-06
CVE-2025-13148 | IBM Aspera Orchestrator Unverified Password Change | Aspera Orchestrator | 8.1 | High | 2025-12-11
CVE-2025-67719 | Ibexa User Bundle is missing password change validation | user | 9.8 (AI) | Critical (AI) | 2025-12-11
CVE-2025-59808 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability | FortiSOAR on-premise | 6.5 | Medium | 2025-12-09
CVE-2025-62425 | Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password | matrix-authentication-service | 8.3 | High | 2025-10-16
CVE-2025-9286 | Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password | Appy Pie Connect for WooCommerce | 9.8 | Critical | 2025-10-03
CVE-2025-10159 | Sophos AP6 Series security vulnerability | AP6 Series Wireless Access Points | 9.8 | Critical | 2025-09-09
CVE-2025-46389 | Emby MediaBrowser security vulnerability | MediaBrowser | 6.5 | Medium | 2025-08-06
CVE-2025-4606 | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | Sala - Startup & SaaS WordPress Theme | 9.8 | Critical | 2025-07-09
CVE-2024-12827 | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset | DWT - Directory & Listing WordPress Theme | 9.8 | Critical | 2025-06-27
CVE-2025-6097 | UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change | 进取 750W | 5.3 | Medium | 2025-06-16
CVE-2025-5482 | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation | Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers | 8.8 | High | 2025-06-04
CVE-2025-47938 | TYPO3 Vulnerable to Unverified Password Change for Backend Users | typo3 | 3.8 | Low | 2025-05-20
CVE-2025-4322 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover | Motors - Car Dealer, Rental & Listing WordPress theme | 9.8 | Critical | 2025-05-20
CVE-2025-4903 | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change | DI-7003GV2 | 5.3 | Medium | 2025-05-19
CVE-2025-46748 | Unverified Password Change | SEL Blueframe OS | 2.7 | Low | 2025-05-12
CVE-2025-4558 | WormHole Tech GPM - Unverified Password Change | GPM | 9.8 | Critical | 2025-05-12
CVE-2025-4552 | ContiNew Admin password unverified password change | ContiNew Admin | 5.4 | Medium | 2025-05-11
CVE-2025-2253 | IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset | IMITHEMES Listing | 9.8 | Critical | 2025-05-09
CVE-2024-47784 | Unverified Password Change | ANC | 2.6 | Low | 2025-04-30
CVE-2025-3603 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update | Flynax Bridge | 9.8 | Critical | 2025-04-24
CVE-2025-3793 | Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update | Buddypress Force Password Change | 4.2 | Medium | 2025-04-24

Vulnerabilities classified as CWE-620 (Unverified Password Change) represent 68 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.