CVE-2016-0783

Published: 11/04/2016 Updated: 09/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The sendHashByUser function in Apache OpenMeetings prior to 3.1.1 generates predictable password reset tokens, which makes it easier for remote malicious users to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

Vulnerable Product

apache openmeetings

Github Repositories

Code snippets supporting the conference paper with ID - 47, Titled - "Attacking Authentication Mechanisms: from Offense to Defense"

ICISPD-47-2023

Listing 1 - Captcha image's content placed in 'id' field: <img id='7zwf3' src='captchajpgphp'>

Listing 2 - PHP code vulnerable to X-Fo

Recent Articles

Remote code execution found and fixed in Apache OpenMeetings
The Register • Darren Pauli • 07 Apr 2016

Password token snatch might explain that unexpected weirdo in your next online meeting

Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset token (CVE-2016-0783) and an arbitrary file read through the SOAP API (CVE-2016-2164) along with moderately dangerous holes in ZIP file path traversal (CVE-2016-0784) and stored...