CWE-640 Weak Password Recovery Mechanism for Forgotten Password: Vulnerability List (105)

A summary of the 105 CVE entries associated with the CWE-640 weakness class (Weak Password Recovery Mechanism for Forgotten Password), with AI-generated Chinese analysis.

CWE-640 belongs to the authentication-bypass class of weaknesses: the recovery mechanism an application offers when a user has forgotten their password is itself insecure. Attackers typically exploit it by guessing simple security questions, intercepting reset links, or brute-forcing temporary tokens, and so reset the password without authorization and take over the account. Developers should avoid predictable recovery credentials, adopt multi-factor authentication, deliver one-time dynamic verification codes only to a mailbox or phone the user is known to control, and enforce rate limiting to harden the recovery flow.

MITRE CWE Official Description

CWE-640: Weak Password Recovery Mechanism for Forgotten Password. The product contains a mechanism that allows users to recover or change their password without knowing the original password, but the mechanism is weak.

It is common for an application to have a mechanism that provides a means for a user to gain access to their account in the event they forget their password. Very often the password recovery mechanism is weak, which makes it more likely that a person other than the legitimate system user would be able to gain access to that user's account. A weak password recovery scheme completely undermines a strong password authentication scheme.

The weakness may be that the security question is too easy to guess or to find an answer to (for example, because the question is too common, or because the answer can be found on social media). Alternatively, the code of the password recovery mechanism may contain an implementation weakness, such as one that tricks the system into sending the new password to an e-mail account other than the user's. The rate of password resets may not be throttled, so that an attacker who attempts recovery in rapid succession can deny service to the legitimate user. The system may send the user the original password rather than generating a new temporary one. In summary, password recovery functionality that is not carefully designed and implemented often becomes the weakest link in the system and can be misused to give an attacker unauthorized access.
Common Consequences (3)
Access Control: Gain Privileges or Assume Identity
An attacker could gain unauthorized access to the system by retrieving a legitimate user's authentication credentials.
Availability: DoS: Resource Consumption (Other)
An attacker could deny service to legitimate system users by launching a brute force attack on the password recovery mechanism using user ids of legitimate users.
Integrity, Other: Other
The system's security functionality is turned against the system by the attacker.
Mitigations (5)
Architecture and Design: Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Architecture and Design: Do not use standard weak security questions, and use several security questions.
Architecture and Design: Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Architecture and Design: Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Architecture and Design: Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
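The five mitigations above, put together into one recovery flow. This is an added Python example, not code from MITRE or from this site: it validates the username (mitigation 1), counts wrong tokens and disables recovery for the account after a small number of them (mitigation 3), stores only a hash of a random single-use token, and always delivers the reset link to the e-mail address of record (mitigation 5). The base URL, account store, mailer stub and limits are constructed for the example; the link is built from a configured base URL rather than from the request's Host header, which is the defence against the reset-poisoning entries in the CVE list below.

```python
import hashlib
import hmac
import re
import secrets
import time
from dataclasses import dataclass

# Constructed configuration for this example.
BASE_URL = "https://accounts.example.com"   # fixed; never derived from the request's Host header
TOKEN_TTL_SECONDS = 15 * 60                  # reset link lifetime
MAX_BAD_ATTEMPTS = 3                         # small guess budget before recovery is disabled
LOCKOUT_SECONDS = 60 * 60                    # how long recovery stays disabled after that
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


@dataclass
class Account:
    username: str
    email_of_record: str        # the ONLY address a reset link is ever sent to
    password_hash: str = ""


@dataclass
class PendingReset:
    token_hash: str             # SHA-256 of the token; the raw token is never stored
    expires_at: float


class PasswordRecovery:
    def __init__(self, accounts, clock=time.time):
        self._accounts = {a.username: a for a in accounts}
        self._clock = clock                      # injectable so the demo can move time forward
        self._pending = {}                       # username -> PendingReset (one active token)
        self._bad_attempts = {}                  # username -> wrong tokens in this period
        self._disabled_until = {}                # username -> time recovery re-enables
        self.outbox = []                         # (address, url) pairs the stub mailer "sent"

    def _is_disabled(self, username):
        return self._clock() < self._disabled_until.get(username, 0.0)

    def request_reset(self, username):
        """Start recovery. The caller supplies only a username; the destination
        is always the account's e-mail of record, never a user-chosen address."""
        if not USERNAME_RE.fullmatch(username):            # validate all recovery input
            return False
        account = self._accounts.get(username)
        if account is None or self._is_disabled(username):
            return False
        token = secrets.token_urlsafe(32)                  # 256-bit random, not guessable
        self._pending[username] = PendingReset(
            token_hash=hashlib.sha256(token.encode()).hexdigest(),
            expires_at=self._clock() + TOKEN_TTL_SECONDS,
        )
        self.outbox.append((account.email_of_record, f"{BASE_URL}/reset?u={username}&t={token}"))
        return True

    def _record_bad_attempt(self, username):
        n = self._bad_attempts.get(username, 0) + 1
        self._bad_attempts[username] = n
        if n >= MAX_BAD_ATTEMPTS:                          # throttle: disable recovery for a while
            self._disabled_until[username] = self._clock() + LOCKOUT_SECONDS
            self._pending.pop(username, None)              # the pending token is discarded too
            self._bad_attempts[username] = 0

    def complete_reset(self, username, token, new_password):
        """Return 'ok', 'disabled', 'expired' or 'invalid'. Wrong tokens are counted,
        and MAX_BAD_ATTEMPTS of them disable recovery for this account."""
        if self._is_disabled(username):
            return "disabled"
        pending = self._pending.get(username)
        if pending is None:
            return "invalid"
        if self._clock() > pending.expires_at:
            self._pending.pop(username, None)
            return "expired"
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, pending.token_hash):   # constant-time compare
            self._record_bad_attempt(username)
            return "invalid"
        # Success: the token is single-use; store the new password salted and stretched.
        self._pending.pop(username)
        self._bad_attempts.pop(username, None)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
        self._accounts[username].password_hash = salt.hex() + ":" + digest.hex()
        return "ok"


def demo():
    """Walk through the flow with a fake clock and return the observed outcomes."""
    now = [1_000_000.0]
    svc = PasswordRecovery([Account("alice", "alice@example.com")], clock=lambda: now[0])
    out = {"request": svc.request_reset("alice")}
    address, url = svc.outbox[-1]
    token = url.rsplit("t=", 1)[1]
    out["sent_to_record"] = address == "alice@example.com" and url.startswith(BASE_URL)
    out["wrong_guesses"] = [svc.complete_reset("alice", "guess", "x") for _ in range(3)]
    out["after_lockout"] = svc.complete_reset("alice", token, "x")    # real token, but disabled
    now[0] += LOCKOUT_SECONDS + 1
    out["new_request"] = svc.request_reset("alice")
    token2 = svc.outbox[-1][1].rsplit("t=", 1)[1]
    out["reset_ok"] = svc.complete_reset("alice", token2, "correct horse battery staple")
    out["replay"] = svc.complete_reset("alice", token2, "again")       # single use
    return out


if __name__ == "__main__":
    print(demo())
```

Note that the lockout applies to the recovery function only, not to login, which is how the mitigation text reads; the eBay example in the next section shows what happens when a throttling rule locks the account itself and so hands an attacker a denial-of-service lever.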
Code Examples (1)
A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect login attempts, eBay password throttling would kick in and lock out the highest bidder's account for some time. An attacker could th…
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-10127 | Daikin Europe N.V Security Gateway Weak Password Recovery Mechanism for Forgotten Password | Security Gateway | 9.8 | Critical | 2025-09-11 |
| CVE-2025-32486 | WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability | Material Dashboard | 9.8 | Critical | 2025-09-09 |
| CVE-2025-7948 | jshERP updatePwd password recovery | jshERP | 4.3 | Medium | 2025-07-22 |
| CVE-2025-7881 | Mercusys MW301R Web Interface password recovery | MW301R | 2.7 | Low | 2025-07-20 |
| CVE-2024-43190 | IBM Engineering Requirements Management DOORS weak authentication | Engineering Requirements Management DOORS | 5.9 | Medium | 2025-07-07 |
| CVE-2025-53373 | Natours has a 1 Click Account take over on reset password via Host Header injection | Natours | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection | kanboard | 8.1 | High | 2025-06-24 |
| CVE-2025-6216 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability | Allegra | 9.8 (AI) | Critical (AI) | 2025-06-21 |
| CVE-2025-47646 | WordPress PSW Front-end Login & Registration plugin <= 1.13 - Broken Authentication Vulnerability | PSW Front-end Login & Registration | 9.8 | Critical | 2025-05-23 |
| CVE-2025-31380 | WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability | Paid Videochat Turnkey Site | 9.8 | Critical | 2025-04-17 |
| CVE-2024-12295 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password | BoomBox Theme Extensions | 8.8 | High | 2025-03-19 |
| CVE-2025-29995 | Account Takeover Vulnerability in CAP back office application | CAP back office application | 8.8 | - | 2025-03-13 |
| CVE-2025-2093 | PHPGurukul Online Library Management System change-password.php password recovery | Online Library Management System | 3.1 | Low | 2025-03-07 |
| CVE-2025-1570 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 8.1 | High | 2025-02-28 |
| CVE-2025-0331 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery | YunzMall | 5.3 | Medium | 2025-01-09 |
| CVE-2024-11350 | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover | AdForest | 9.8 | Critical | 2025-01-08 |
| CVE-2024-47547 | Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password | Reyee OS | 9.4 | Critical | 2024-12-06 |
| CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 9.8 | Critical | 2024-11-28 |
| CVE-2024-45670 | IBM Security SOAR weak password recovery mechanism | Security SOAR | 5.6 | Medium | 2024-11-14 |
| CVE-2024-50356 | Press has a potential 2FA bypass | press | - | - | 2024-10-31 |
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP | App Builder – Create Native Android & iOS Apps On The Flight | 8.1 | High | 2024-10-25 |
| CVE-2024-9305 | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP | AppPresser – Mobile App Framework | 8.1 | High | 2024-10-16 |
| CVE-2024-9907 | QileCMS Verification Code Forget.php sendEmail password recovery | QileCMS | 3.7 | Low | 2024-10-13 |
| CVE-2024-8878 | Unauthenticated Password Reset | Netman 204 | 9.8 (AI) | Critical (AI) | 2024-09-24 |
| CVE-2024-8692 | TDuckCloud TDuckPro password recovery | TDuckPro | 5.3 | Medium | 2024-09-11 |
| CVE-2024-6203 | HaloITSM - Password Reset Poisoning | HaloITSM | 8.3 | High | 2024-08-06 |
| CVE-2024-6125 | Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism | OTP Login With Phone Number, OTP Verification | 8.1 | High | 2024-06-19 |
| CVE-2023-7264 | Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism | Build App Online | 8.1 | High | 2024-06-11 |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | SuiteCRM | 3.7 | Low | 2024-06-10 |
| CVE-2024-5277 | Weak Password Recovery Mechanism in lunary-ai/lunary | lunary-ai/lunary | 9.8 (AI) | Critical (AI) | 2024-06-06 |

(AI) marks a score and severity that the original page flags as AI-generated rather than an official CVSS rating; "-" means the page gives no value.

CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) is a common weakness class; this platform has collected 105 CVE entries associated with it.