CVE-2020-37215 MEDIUM

CVE-2020-37215: MSN Password Recovery 1.30 - Denial of Service

Vendor Top Password Software
Product MSN Password Recovery
Weakness CWE-120
Published February 11, 2026
Last update March 5, 2026

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.

Key dates

02Disclosure timeline

February 11, 2026 CVE published
March 5, 2026 Record updated