Lucene search

[email protected]CVE-2016-2379

HistoryMar 29, 2017 - 8:59 p.m.

CVE-2016-2379

2017-03-2920:59:00

CWE-326

[email protected]

web.nvd.nist.gov

mxit protocol

weak encryption

hashed passwords

cve-2016-2379

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

Affected configurations

NVD

Node

pidginmxitMatch-

CPENameOperatorVersion
pidgin:mxitpidgin mxiteq-

CPE	Name	Operator	Version
pidgin:mxit	pidgin mxit	eq	-

References

www.securityfocus.com/bid/91335

www.talosintelligence.com/reports/TALOS-2016-0122/

pidgin.im/news/security/?id=95

security.gentoo.org/glsa/201701-38

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for CVE-2016-2379

cvelist1 redhatcve1 ubuntucve1 nvd1 prion1 nessus8 gentoo1