The password recovery service in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote malicious users to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange appsuite 7.4.2 |
||
open-xchange open-xchange appsuite 7.2.1 |
||
open-xchange open-xchange appsuite 7.2.0 |
||
open-xchange open-xchange appsuite |
||
open-xchange open-xchange appsuite 7.4.1 |