PT-2016-4411 · Apache · Apache Openmeetings

Andreas Lindh · Published 2016-04-11 · Updated 2018-10-09 · CVE-2016-0783

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache OpenMeetings versions prior to 3.1.1

Description

The issue allows remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time, due to the generation of predictable password reset tokens by the sendHashByUser function.

Recommendations

For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until the update is applied.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2016-0783

Affected products

Apache Openmeetings