Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jcW02LWhyZ3EtNjg2Oc4AASbK
Apache OpenMeetings has Inadequate Encryption Strength
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
Permalink: https://github.com/advisories/GHSA-cqm6-hrgq-6869JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcW02LWhyZ3EtNjg2Oc4AASbK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-cqm6-hrgq-6869, CVE-2017-7673
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-7673
- http://markmail.org/message/3hshl26omwjo6c5i
- http://www.securityfocus.com/bid/99587
- https://github.com/advisories/GHSA-cqm6-hrgq-6869
Affected Packages
maven:org.apache.openmeetings:openmeetings-parent
Dependent packages: 0Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 1.0.0, < 3.3.0
Fixed in: 3.3.0
All affected versions: 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.2.0, 3.2.1
All unaffected versions: 3.3.0, 3.3.1, 3.3.2, 4.0.0, 4.0.1, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.9, 4.0.10, 4.0.11, 5.0.0, 5.1.0, 6.2.0, 6.3.0, 7.0.0, 7.2.0