How severe is CVE-2024-0186?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-0186?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2024-0186 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.

Related Vulnerabilities

CVE-2014-6412

HIGH

CVSS:8.1(High)

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

CWE-6402014

CVE-2017-0921

HIGH

CVSS:8.1(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account tak...

CWE-6402017

CVE-2017-8613

HIGH

CVSS:8.1(High)

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Az...

CWE-6402017

CVE-2018-1000812

HIGH

CVSS:8.1(High)

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45...

CWE-6402018

CVE-2018-12579

HIGH

CVSS:8.1(High)

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1....

CWE-6402018

CVE-2019-12943

HIGH

CVSS:8.1(High)

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

CWE-6402019