CVE-2015-8542 - OpenCVE

Vendors	Products
Open-xchange	Ox Guard

Link	Providers
http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html
http://www.securityfocus.com/archive/1/537678/100/0/threaded
http://www.securitytracker.com/id/1035174

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The \"getprivkeybyid\" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the \"id\" and \"cid\" parameter to specify the current user by its user- and context-ID. The \"auth\" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the \"id\" and \"cid\" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the \"id\" and \"cid\" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and \"guests\" which use the external mail reader."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20160302 Open-Xchange Security Advisory 2016-03-02", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537678/100/0/threaded"}, {"name": "1035174", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035174"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The \"getprivkeybyid\" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the \"id\" and \"cid\" parameter to specify the current user by its user- and context-ID. The \"auth\" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the \"id\" and \"cid\" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the \"id\" and \"cid\" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and \"guests\" which use the external mail reader."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160302 Open-Xchange Security Advisory 2016-03-02", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537678/100/0/threaded"}, {"name": "1035174", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035174"}, {"name": "http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html", "refsource": "CONFIRM", "url": "http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:20:43.255Z"}, "title": "CVE Program Container", "references": [{"name": "20160302 Open-Xchange Security Advisory 2016-03-02", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537678/100/0/threaded"}, {"name": "1035174", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035174"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8542", "datePublished": "2016-12-15T06:31:00", "dateReserved": "2015-12-11T00:00:00", "dateUpdated": "2024-08-06T08:20:43.255Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:ox_guard:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E60610-A117-4D3C-9115-5AA6879877D7", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The \"getprivkeybyid\" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the \"id\" and \"cid\" parameter to specify the current user by its user- and context-ID. The \"auth\" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the \"id\" and \"cid\" parameters. This kind of attack would also be able by brute-forcing login credentials, but since the \"id\" and \"cid\" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. A attacker could send the hashed representation of typically weak passwords and randomly fetch Private Key of matching accounts. The attack can be executed by both internal users and \"guests\" which use the external mail reader."}, {"lang": "es", "value": "Ha sido descubierto un problema en Open-Xchange Guard en versiones anteriores a 2.2.0-rev8. La llamada API \"getprivkeybyid\" es empleada para descargar Clave Privada PGP para un usuario espec\u00edfico tras proveer credenciales de autenticaci\u00f3n. Los clientes proveen el par\u00e1metro \"id\" y \"cid\" para especificar el usuario actual mediante su ID -y contexto-. El par\u00e1metro \"auth\" contiene cadena de contrase\u00f1a hash que es creada por el cliente solicitando al usuario que introduzca su contrase\u00f1a OX Guard. Este par\u00e1metro es utilizado como un \u00fanico punto de autenticaci\u00f3n al acceder a Claves Privadas PGP. En caso de que un usuario haya establecido la misma contrase\u00f1a que otro usuario, es posible descargar la Clave Privada PGP de otro usuario por interaci\u00f3n de los par\u00e1metros \"id\" y \"cid\". Este tipo de ataque podr\u00eda ser tambi\u00e9n posible forzando credenciales de inicio de sesi\u00f3n, pero dado que los par\u00e1metros \"id\" y \"cid\" son secuenciales, son mucho m\u00e1s f\u00e1ciles de predecir que el nombre de inicio de sesi\u00f3n de un usuario. Al mismo tiempo, hay algunas contrase\u00f1as est\u00e1ndar inseguras obvias que son ampliamente utilizadas. Un atacante podr\u00eda enviar la representaci\u00f3n hash de las contrase\u00f1as t\u00edpicamente d\u00e9biles y buscar aleatoriamente la Clave Privada de las cuentas coincidentes. El ataque puede ser ejecutado tanto por usuarios internos como por \"invitados\" que utilizan el lector de correo externo."}], "id": "CVE-2015-8542", "lastModified": "2018-10-19T15:46:29.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-15T06:59:00.130", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/136069/Open-Xchange-Guard-2.2.0-2.0-Private-Key-Disclosure.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/537678/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035174"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-320"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object