Published: 15/12/2016 Updated: 19/10/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

An issue exists in Open-Xchange OX Guard prior to 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows malicious users to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
open-xchange ox guard

Open-Xchange App Suite versions 781 and below suffer from an information disclosure vulnerability ...

CWE-255 http://www.securitytracker.com/id/1036154 http://www.securityfocus.com/archive/1/538732/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-4028

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect