Password token snatch might explain that unexpected weirdo in your next online meeting
Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset token (CVE-2016-0783) and an arbitrary file read through the SOAP API (CVE-2016-2164) along with moderately dangerous holes in ZIP file path traversal (CVE-2016-0784) and stored...