An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.