CVE-2016-2379
Published: 29 March 2017
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
Notes
| Author | Note |
|---|---|
| mdeslaur | fundamental problem with the Mxit protocol |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
pidgin Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(2.11.0-1)
|
|
| cosmic |
Not vulnerable
(2.11.0-1)
|
|
| disco |
Not vulnerable
(2.11.0-1)
|
|
| eoan |
Not vulnerable
(2.11.0-1)
|
|
| focal |
Not vulnerable
(2.11.0-1)
|
|
| groovy |
Not vulnerable
(2.11.0-1)
|
|
| hirsute |
Not vulnerable
(2.11.0-1)
|
|
| impish |
Not vulnerable
(2.11.0-1)
|
|
| jammy |
Not vulnerable
(2.11.0-1)
|
|
| kinetic |
Not vulnerable
(2.11.0-1)
|
|
| lunar |
Not vulnerable
(2.11.0-1)
|
|
| mantic |
Not vulnerable
(2.11.0-1)
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(2.11.0)
|
|
| xenial |
Needed
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |