| CAPEC | Related Weakness |
| Password Recovery Exploitation |
| CWE-522 | Insufficiently Protected Credentials |
| CWE-640 | Weak Password Recovery Mechanism for Forgotten Password |
| CWE-718 | OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
|
| Reflection Attack in Authentication Protocol |
| CWE-301 | Reflection Attack in an Authentication Protocol |
| CWE-303 | Incorrect Implementation of Authentication Algorithm |
| CWE-718 | OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
|
