ID CVE-2017-7673
Summary Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-307
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 99587
mlist [user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords
Last major update 03-10-2019 - 00:03
Published 17-07-2017 - 13:18
Last modified 03-10-2019 - 00:03
Back to Top