CVE-2014-6412Weak Password Recovery Mechanism for Forgotten Password in Wordpress

CWE-640Weak Password Recovery Mechanism for Forgotten Password6 documents4 sources
Severity
8.1HIGHNVD
EPSS
2.4%
top 14.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedApr 12
Latest updateMay 14

Description

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDwordpress/wordpress< 4.4.0

🔴Vulnerability Details

1
GHSA
GHSA-r95h-g3m2-8rgx: WordPress before 42022-05-14

📋Vendor Advisories

1
Debian
CVE-2014-6412: wordpress - WordPress before 4.4 makes it easier for remote attackers to predict password-re...2014

💬Community

3
Bugzilla
CVE-2014-6412 wordpress: lack of CSPRNG might lead to information disclosure [fedora-all]2015-02-13
Bugzilla
CVE-2014-6412 wordpress: lack of CSPRNG might lead to information disclosure2015-02-13
Bugzilla
CVE-2014-6412 wordpress: lack of CSPRNG might lead to information disclosure [epel-all]2015-02-13
CVE-2014-6412 — Wordpress vulnerability | cvebase