Candidate: CVE-2016-2379
PublicDate: 2017-03-29 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2379
 http://www.talosintelligence.com/reports/TALOS-2016-0122/
 https://pidgin.im/news/security/?id=95
 https://security.gentoo.org/glsa/201701-38
Description:
 The Mxit protocol uses weak encryption when encrypting user passwords,
 which might allow attackers to (1) decrypt hashed passwords by leveraging
 knowledge of client registration codes or (2) gain login access by
 eavesdropping on login messages and re-using the hashed passwords.
Ubuntu-Description:
Notes:
 mdeslaur> fundamental problem with the Mxit protocol
Bugs:
Priority: low
Discovered-by: Yves Younan
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_pidgin:
upstream_pidgin: released (2.11.0)
precise_pidgin: ignored (reached end-of-life)
precise/esm_pidgin: DNE (precise was needed)
trusty_pidgin: ignored (out of standard support)
trusty/esm_pidgin: needed
vivid/stable-phone-overlay_pidgin: DNE
vivid/ubuntu-core_pidgin: DNE
xenial_pidgin: ignored (end of standard support, was needed)
yakkety_pidgin: ignored (reached end-of-life)
zesty_pidgin: ignored (reached end-of-life)
artful_pidgin: ignored (reached end-of-life)
bionic_pidgin: not-affected (2.11.0-1)
cosmic_pidgin: not-affected (2.11.0-1)
disco_pidgin: not-affected (2.11.0-1)
eoan_pidgin: not-affected (2.11.0-1)
focal_pidgin: not-affected (2.11.0-1)
groovy_pidgin: not-affected (2.11.0-1)
hirsute_pidgin: not-affected (2.11.0-1)
impish_pidgin: not-affected (2.11.0-1)
jammy_pidgin: not-affected (2.11.0-1)
devel_pidgin: not-affected (2.11.0-1)