CVE-2017-7673 - OpenCVE

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Openmeetings

Configuration 1 [-]

OR	cpe:2.3:a:apache:openmeetings:1.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.0:::::::*
	cpe:2.3:a:apache:openmeetings:2.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:2.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.6:::::::*
	cpe:2.3:a:apache:openmeetings:3.0.7:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.1:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.2:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.3:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.4:::::::*
	cpe:2.3:a:apache:openmeetings:3.1.5:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.0:::::::*
	cpe:2.3:a:apache:openmeetings:3.2.1:::::::*

References

Link	Resource
http://markmail.org/message/3hshl26omwjo6c5i	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99587	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2017-07-14T15:00:00

Updated: 2017-07-15T09:57:01

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7673

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-17T13:18:29.813

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-7673

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "1.0.0"}]}], "datePublic": "2017-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://markmail.org/message/3hshl26omwjo6c5i"}, {"name": "99587", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99587"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2017-7673", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OpenMeetings", "version": {"version_data": [{"version_value": "1.0.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", "refsource": "MLIST", "url": "http://markmail.org/message/3hshl26omwjo6c5i"}, {"name": "99587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99587"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7673", "datePublished": "2017-07-14T15:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2017-07-15T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection."}, {"lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0.0, utiliza un almacenamiento criptogr\u00e1fico no muy fuerte, el captcha no es usado en el registro y olvida los cuadros de di\u00e1logos de contrase\u00f1as, y los formularios de identificaci\u00f3n carecen de protecci\u00f3n de fuerza bruta."}], "id": "CVE-2017-7673", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:29.813", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://markmail.org/message/3hshl26omwjo6c5i"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99587"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}