CVE-2016-2379

high

Description

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

References

https://security.gentoo.org/glsa/201701-38

https://pidgin.im/news/security/?id=95

http://www.talosintelligence.com/reports/TALOS-2016-0122/

http://www.securityfocus.com/bid/91335

Details

Source: Mitre, NVD

Published: 2017-03-29

Updated: 2017-04-10

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High