CVE-2016-2379

{"id": "CVE-2016-2379", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-03-29T20:59:00.200", "references": [{"url": "http://www.securityfocus.com/bid/91335", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.talosintelligence.com/reports/TALOS-2016-0122/", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://pidgin.im/news/security/?id=95", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://security.gentoo.org/glsa/201701-38", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."}, {"lang": "es", "value": "El protocolo Mxit utiliza cifrado d\u00e9bil al cifrar contrase\u00f1as de usuario, lo que podr\u00eda permitir a atacantes (1) Descifrar contrase\u00f1as hash aprovechando el conocimiento de los c\u00f3digos de registro del cliente u (2) obtener acceso de acceso por escuchas en los mensajes de inicio de sesi\u00f3n y volver a utilizar las contrase\u00f1as hash."}], "lastModified": "2017-04-10T22:16:11.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:mxit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5020C929-47EE-4660-B31F-FF2D1D3EB667"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}