CVE-2016-4028

Open-Xchange OX Guard (before 2.4.0-rev8) is affected by a padding oracle flaw in the authentication token handling when using AES-CBC. The API may reveal padding validity via error codes, enabling brute-forcing of a guest token’s contents (OxReaderID cookie and auth parameter) to potentially dis...

Open-Xchange App Suite 7.8.1 Information Disclosure

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 45328 Bug ID Vulnerability type: Information Exposure CWE-200 Vulnerable version: 7.8.1 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev43,...