
CWE-620: Unverified Password Change

Abstraction
Base

Status
Draft

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.


Extended Description

This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-620: Unverified Password Change?

CWE-620: Unverified Password Change is a Common Weakness Enumeration (CWE) entry maintained by MITRE. When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.

What are the security consequences of Unverified Password Change?

If exploited, CWE-620 (Unverified Password Change) can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism and Gain Privileges or Assume Identity.

How do you prevent or mitigate Unverified Password Change?

Recommended mitigations for CWE-620 include: When prompting for a password change, force the user to provide the original password in addition to the new password.
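The mitigation above is easiest to see as two versions of the same password-change handler side by side. The following is an added example written for this entry; it is not code from MITRE or from the CWE Lookup page, and the `UserStore` class, the function names and the constructed user records are assumptions made for illustration. The first handler exhibits the CWE-620 pattern (anyone who can reach the endpoint with a username can set that user's password); the second requires the caller to prove knowledge of the current password before the change is accepted.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Number of PBKDF2 rounds used for the constructed example store (assumption).
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a candidate password against a stored digest."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class UserStore:
    """Minimal in-memory credential store (constructed for this example)."""

    def __init__(self) -> None:
        self.users: Dict[str, Tuple[bytes, bytes]] = {}

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def check_login(self, username: str, password: str) -> bool:
        record = self.users.get(username)
        if record is None:
            return False
        salt, digest = record
        return verify_password(password, salt, digest)


# --- Vulnerable handler: the CWE-620 pattern ---------------------------------
def change_password_unverified(store: UserStore, username: str, new_password: str) -> bool:
    """Sets a new password for `username` without requiring the current one.

    Any caller who can supply a username can take over that account, which is
    exactly the weakness described by CWE-620.
    """
    if username not in store.users:
        return False
    store.users[username] = hash_password(new_password)
    return True


# --- Hardened handler: require knowledge of the original password -----------
def change_password_verified(
    store: UserStore, username: str, current_password: str, new_password: str
) -> bool:
    """Sets a new password only after the caller proves the current one.

    Returns False (and leaves the record untouched) when the user is unknown or
    the supplied current password does not match.
    """
    record = store.users.get(username)
    if record is None:
        return False
    salt, digest = record
    if not verify_password(current_password, salt, digest):
        return False
    store.users[username] = hash_password(new_password)
    return True


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")
    # The unverified handler accepts the change with no proof of identity.
    print("unverified change:", change_password_unverified(store, "alice", "attacker-chosen"))
    # The verified handler rejects a wrong current password and accepts the right one.
    print("verified, wrong current:", change_password_verified(store, "alice", "guess", "x"))
    print("verified, right current:", change_password_verified(store, "alice", "attacker-chosen", "new"))
```

In a real application the same check belongs in the server-side handler itself, not only in the form: the point of the mitigation is that the password-change request cannot succeed without the current password (or another verified authentication factor) being presented on that request, regardless of what the client sends.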

Which programming languages are affected by Unverified Password Change?

CWE-620 is not language-specific. Weaknesses of this kind are language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Unverified Password Change?

MITRE documents real CVEs mapped to CWE-620, including CVE-2007-0681 and CVE-2000-0944. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?

A CWE (Common Weakness Enumeration) like CWE-620 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.


CWE-620: Unverified Password Change | CWE Lookup | Inventive HQ