CVE-2016-2379
Published: 29 March 2017
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
Notes
Author | Note |
---|---|
mdeslaur | fundamental problem with the Mxit protocol |
Priority
Status
Package | Release | Status |
---|---|---|
pidgin Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(2.11.0-1)
|
|
cosmic |
Not vulnerable
(2.11.0-1)
|
|
disco |
Not vulnerable
(2.11.0-1)
|
|
eoan |
Not vulnerable
(2.11.0-1)
|
|
focal |
Not vulnerable
(2.11.0-1)
|
|
groovy |
Not vulnerable
(2.11.0-1)
|
|
hirsute |
Not vulnerable
(2.11.0-1)
|
|
impish |
Not vulnerable
(2.11.0-1)
|
|
jammy |
Not vulnerable
(2.11.0-1)
|
|
kinetic |
Not vulnerable
(2.11.0-1)
|
|
lunar |
Not vulnerable
(2.11.0-1)
|
|
mantic |
Not vulnerable
(2.11.0-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Needed
|
|
upstream |
Released
(2.11.0)
|
|
xenial |
Needed
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |