PT-2017-17876 · Apache · Apache Openmeetings

Published 2017-07-14 · Updated 2022-05-13 · CVE-2017-7673

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache OpenMeetings version 1.0.0

Description

The issue concerns the use of weak cryptographic storage in Apache OpenMeetings. Additionally, the registration and forget password dialogs lack captcha, and authentication forms do not have brute force protection.

Recommendations

For Apache OpenMeetings version 1.0.0, consider implementing stronger cryptographic storage mechanisms and adding captcha to the registration and forget password dialogs. As a temporary workaround, restrict access to authentication forms to minimize the risk of brute force attacks.

Fix

Improper Restriction of Excessive Authentication Attempts

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

CVE-2017-7673
GHSA-CQM6-HRGQ-6869

Affected Products

Apache Openmeetings