8 matches found
Insufficiently Protected Credentials
Overview: org.opencastproject:opencast-kernel is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching MediaPackage elements included in a...
Denial Of Service
opencast-kernel is vulnerable to denial of service. The vulnerability exists due to insecure processing of a single HTTP request to parse XML through the system, which causes it to expand a crafted string 100,000 times, causing the system to hang...
Man-in-the-Middle (MitM)
opencast-kernel is vulnerable to man-in-the-middle attacks. Hostname verification is disabled by default, allowing man-in-the-middle attackers to intercept and modify network traffic...
Man-in-the-Middle (MitM)
opencast-kernel is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists through the lack of hostname verification on the certificate when HTTPS connections are made...
Authentication Bypass
opencast-kernel is vulnerable to authentication bypass. The vulnerability exists as media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default...
Authorization Bypass
opencast-kernel is vulnerable to authorization bypass. The vulnerability exists as a user with the non-standard role, ROLE_COURSE_ADMIN, is able to create new users using the user-utils endpoint...
Authentication Bypass
opencast-kernel is vulnerable to authentication bypass. The vulnerability exists as a fake remember-me token can be used to gain access as arbitrary users without the need to be authenticated...
Weak Encryption Standards
opencast-kernel is vulnerable to weak encryption standards. It uses a broken hashing standard, MD5, to hash sensitive information, such as passwords, for its cookies...