CWE-620
Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
Official CWE-620 definition at MITREImpactr finds and proves weaknesses like CWE-620 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist