Lucene search
PRIOn knowledge basePRION:CVE-2014-2391HistoryApr 24, 2014 - 5:06 a.m.
Input validation
2014-04-2405:06:00
PRIOn knowledge base
www.prio-n.com
2
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
References
Related
seebug
seebug
Open-Xchange AppSuiteδΏ‘ζ―ζ³ι²ζΌζ΄
2014-04-14 00:00:00
cve
cve
CVE-2014-2391
2014-04-24 05:06:05
nvd
nvd
CVE-2014-2391
2014-04-24 05:06:05
cvelist
cvelist
CVE-2014-2391
2014-04-17 20:00:00
openvas
openvas
securityvulns
securityvulns
Open-Xchange security vulnerabilities
2014-05-05 00:00:00
Open-Xchange Security Advisory 2014-04-08
2014-05-05 00:00:00