CVE-2015-8542
Open-Xchange Guard prior to 2.2.0-rev8 is affected. The getprivkeybyid API allows downloading a user’s PGP Private Key after authentication. The auth parameter contains a hashed password, used as a single point of authentication, and, because id and cid are sequential, an attacker can iterate the...