PT-2013-3296 · Open Xchange · Open-Xchange Server
Published
2013-09-05
·
Updated
2013-09-30
·
CVE-2013-1649
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Open-Xchange Server versions prior to 6.20.7 rev14
Open-Xchange Server versions 6.22.0 prior to rev13
Open-Xchange Server versions 6.22.1 prior to rev14
Description
The issue makes it easier for attackers to obtain cleartext passwords via a brute-force attack due to the use of crypt and SHA-1 algorithms for password hashing.
Recommendations
For Open-Xchange Server versions prior to 6.20.7 rev14, update to version 6.20.7 rev14 or later.
For Open-Xchange Server versions 6.22.0 prior to rev13, update to version 6.22.0 rev13 or later.
For Open-Xchange Server versions 6.22.1 prior to rev14, update to version 6.22.1 rev14 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open-Xchange Server