The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password

Title | Published | Family |
---|---|---|
CVE-2014-2391 | 24 Apr 2014 05:06 | nvd |
Input validation | 24 Apr 2014 05:06 | prion |
CVE-2014-2391 | 17 Apr 2014 20:00 | cvelist |
Open-Xchange AppSuite information disclosure vulnerability | 14 Apr 2014 00:00 | seebug |
Open-Xchange (OX) App Suite Multiple Security Bypass Vulnerabilities (Oct 2015) | 6 Oct 2015 00:00 | openvas |
Open-Xchange security vulnerabilities | 5 May 2014 00:00 | securityvulns |
Open-Xchange Security Advisory 2014-04-08 | 5 May 2014 00:00 | securityvulns |

Source | Link |
---|---|
securityfocus | www.securityfocus.com/archive/1/531762 |

Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
password | query param | /password/recovery | Improper decision about the sensitivity of a string representing a previously used but currently invalid password leading to information disclosure. | CWE-200 |