9.8 CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature).
https://nvd.nist.gov/vuln/detail/CVE-2026-37106
Categories
CWE-640 : Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated. Do not use standard weak security questions, and use several security questions. Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses. Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record. Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism. Assign a new temporary password rather than revealing the original password.

Observed examples of this weakness:
- password reset functionality for a WordPress plugin allows a brute force attack of the one-time password
- password recovery mechanism for AI developer toolkit does not invalidate the reset password token after it is used, allowing attackers to reuse the token to change passwords of victims
- web conference product resets passwords to random 8-digit values, allowing brute force attacks by retrieving the hash
References
134c704f-9b21-4f2e-91b3-4a467353bcc0
cve@mitre.org
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date |
|---|---|---|
| No known exploits | | |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 50 | Password Recovery Exploitation. An attacker may take advantage of the application feature that helps users recover their forgotten passwords in order to gain access to the system with the same privileges as the original user. Password recovery schemes are often weak and insecure. The attacker studies the password recovery mechanism, finds a weakness in it and exploits it; for instance, a standard single security question with an easy-to-determine answer. | High |