PT-2017-17876 · Apache · Apache Openmeetings

Published: 2017-07-14 · Updated: 2022-05-13 · CVE-2017-7673

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache OpenMeetings version 1.0.0

Description

The issue concerns the use of weak cryptographic storage in Apache OpenMeetings. Additionally, the registration and forget password dialogs lack captcha, and authentication forms do not have brute force protection.

Recommendations

For Apache OpenMeetings version 1.0.0, consider implementing stronger cryptographic storage mechanisms and adding captcha to the registration and forget password dialogs. As a temporary workaround, restrict access to authentication forms to minimize the risk of brute force attacks.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Inadequate Encryption Strength

Related identifiers

CVE-2017-7673
GHSA-CQM6-HRGQ-6869

Affected products

Apache Openmeetings