{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-30T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "91335", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91335"}, {"name": "GLSA-201701-38", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pidgin.im/news/security/?id=95"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0122/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2379", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "91335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91335"}, {"name": "GLSA-201701-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-38"}, {"name": "https://pidgin.im/news/security/?id=95", "refsource": "CONFIRM", "url": "https://pidgin.im/news/security/?id=95"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0122/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0122/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.282Z"}, "title": "CVE Program Container", "references": [{"name": "91335", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91335"}, {"name": "GLSA-201701-38", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-38"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pidgin.im/news/security/?id=95"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0122/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2379", "datePublished": "2017-03-29T20:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pidgin:mxit:-:*:*:*:*:*:*:*", "matchCriteriaId": "5020C929-47EE-4660-B31F-FF2D1D3EB667", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."}, {"lang": "es", "value": "El protocolo Mxit utiliza cifrado d\u00e9bil al cifrar contrase\u00f1as de usuario, lo que podr\u00eda permitir a atacantes (1) Descifrar contrase\u00f1as hash aprovechando el conocimiento de los c\u00f3digos de registro del cliente u (2) obtener acceso de acceso por escuchas en los mensajes de inicio de sesi\u00f3n y volver a utilizar las contrase\u00f1as hash."}], "id": "CVE-2016-2379", "lastModified": "2017-04-10T22:16:11.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-29T20:59:00.200", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91335"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0122/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://pidgin.im/news/security/?id=95"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-38"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pidgin: Eavesdropping hashed password when logging", "id": "1363715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1363715"}, "csaw": false, "cvss": {"cvss_base_score": "5.4", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", "status": "draft"}, "cwe": "CWE-287", "details": ["The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."], "name": "CVE-2016-2379", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pidgin", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2379\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2379\nhttp://www.talosintelligence.com/reports/TALOS-2016-0122/\nhttps://www.pidgin.im/news/security/?id=95"], "threat_severity": "Moderate"}