CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Official CWE-640 definition at MITREImpactr finds and proves weaknesses like CWE-640 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist